I know this video has aged somewhat, but I was able to access the token through the getToken method just fine. To be honest, if it wouldn't work on the server, the utility wouldn't make much sense, especially the way the example is configured (the request object is a dead giveaway that this lives on the server). Otherwise, the video was very informative, and I really appreciate that you took the time to put this together. As others have mentioned, there isn't a lot out there in the way of examples of what a complete implementation should look like using these technologies.
Muito obrigado por compartilhar esse conhecimento incrivel. Você me ajudou muito com esse tutorial, muito bem explicado e didatico. Parabéns pelo seu trabalho!
But what if i closed my browser, will it still work. When i closed my browser, session is killed after token expires because it couldn't get update session
Awesome video, thank you a lot for this! I have one doubt: When the cookie is manually deleted, until the application is F5ed, the content is not properly restricted. For example, with the /products page yes, but with the /products/create page no. Is there a way to make that when the nextauth cookie ceases to exist, it simply logout?
I have implemented the session delete method, but why do I have to log out when I log out and want to log in again and it doesn't go to the keycloak page again?
Thanks a lot, excellent tutorial, I'm having problems with keycloak when migrating from 12 to 13. Can you please showing how can we auto redirect to keycloak login page when user access our page ?
@DoubleDashHelp, I really appreciated your video on Keycloak! I've been trying to delve deeper into its capabilities, especially regarding the integration of the Prisma Adapter, Group/Roles management, and Policy Enforcement all within Keycloak. I've encountered a challenge with Group and Roles. After setting up the Prisma Adapter to extend the user's profile, I noticed the account table doesn't update the access token. If I reassign a user to a different group/role in Keycloak, their account details remain unchanged. My workaround has been to delete the user's entry in the account table upon signout, ensuring a new account is created upon their next login. However, I'm curious if you've found a more efficient solution? Thanks in advance for any insights!
Do you have any samples of how I set it up to use keycloak without the redirect page? I need to get a token from a public client (I dont need to send the secret id) tks
Thanks for your tutorials👏👏 Why do we connect to the keycloak server from the front-end side? If there is an external authentication-authorization service on the backend side and all front-end (mobile client, react client etc.) connect to this external service and do token retrieval from there. So only this service will be connected to the keycloak service. What are the pros and cons of this approach?
Thanks for your comment! The nature of the Authorization Code flow requires things to be setup this way, with the frontend connecting directly to the auth server. Please look for articles on how the Authorization Code flow works in the Oauth2 RFC, it will become more clear.
Access token is automatically updated through the refresh token process If you want to force token refresh before it expire, the user have to logout and login again.. Personnaly i don't see any relevant thing doing this
I have implemented the session delete method, but why do I have to log out when I log out and want to log in again and it doesn't go to the keycloak page again?
This is amazing, nowhere else could i find anything resembling this level of quality on Keycloak + Next! Thank you!
That's an excellent tutorial. Much better than 90% of what I can find in the internet. Thank you very much!
This tutorial was really helpful and very clearly explained. Thank you and I hope you create more awesome videos in the future, Leo!
You are a hero for this! Excellent tutorial and great job explaining all the detail and painting a full picture. 5/5 stars!
I like your content style-straight to the point.
Great video. Any chance you would do a follow-up video using next-auth v5 and lessons learned regarding access-token?
Obrigado, Não tinha achado nada assim na internet, thanks from brazil !!
I know this video has aged somewhat, but I was able to access the token through the getToken method just fine. To be honest, if it wouldn't work on the server, the utility wouldn't make much sense, especially the way the example is configured (the request object is a dead giveaway that this lives on the server). Otherwise, the video was very informative, and I really appreciate that you took the time to put this together. As others have mentioned, there isn't a lot out there in the way of examples of what a complete implementation should look like using these technologies.
A very well done tutorial,
you explain key points very clearly with great details, thank you for your effort.
Very Clear, and Very well explained! Thank you!
Thanks for sharing and great material!
Awsome, thank you!
great guide, straight to the point, would like to buy you a beer or something if you have a link
Your video helped me a lot. Thanks, keep up the good work! 😀
This is awesome! thank you
Very useful Thanks!
Thank you! Excellent
Muito obrigado por compartilhar esse conhecimento incrivel. Você me ajudou muito com esse tutorial, muito bem explicado e didatico. Parabéns pelo seu trabalho!
Hello, awesome work,
could you please commit demo-frontend (client) configurations of keycloak?
But what if i closed my browser, will it still work.
When i closed my browser, session is killed after token expires because it couldn't get update session
Awesome video, thank you a lot for this! I have one doubt: When the cookie is manually deleted, until the application is F5ed, the content is not properly restricted. For example, with the /products page yes, but with the /products/create page no. Is there a way to make that when the nextauth cookie ceases to exist, it simply logout?
I have implemented the session delete method, but why do I have to log out when I log out and want to log in again and it doesn't go to the keycloak page again?
thank you Could you please show me how to store the data in golang in postgresql ?
Thanks a lot, excellent tutorial, I'm having problems with keycloak when migrating from 12 to 13. Can you please showing how can we auto redirect to keycloak login page when user access our page ?
thank you for this awesome tutorial. is there any keycloak plugin for Strapi CMS?
awsome!
@DoubleDashHelp, I really appreciated your video on Keycloak! I've been trying to delve deeper into its capabilities, especially regarding the integration of the Prisma Adapter, Group/Roles management, and Policy Enforcement all within Keycloak.
I've encountered a challenge with Group and Roles. After setting up the Prisma Adapter to extend the user's profile, I noticed the account table doesn't update the access token. If I reassign a user to a different group/role in Keycloak, their account details remain unchanged. My workaround has been to delete the user's entry in the account table upon signout, ensuring a new account is created upon their next login. However, I'm curious if you've found a more efficient solution?
Thanks in advance for any insights!
Do you have any samples of how I set it up to use keycloak without the redirect page? I need to get a token from a public client (I dont need to send the secret id) tks
Thanks for your tutorials👏👏 Why do we connect to the keycloak server from the front-end side? If there is an external authentication-authorization service on the backend side and all front-end (mobile client, react client etc.) connect to this external service and do token retrieval from there. So only this service will be connected to the keycloak service. What are the pros and cons of this approach?
Thanks for your comment! The nature of the Authorization Code flow requires things to be setup this way, with the frontend connecting directly to the auth server.
Please look for articles on how the Authorization Code flow works in the Oauth2 RFC, it will become more clear.
Meu , tu salvou meu dia !
Não poderia criar exemplo para o web3?
Hi , could you please post how to use keyclock next js client
can you integrate it with krakend for the gateway ?
It feels bad to go from client to next server to go server. At least when I have big traffic this could cause a bottleneck
how can we update the token if there are client side data fetching
Access token is automatically updated through the refresh token process
If you want to force token refresh before it expire, the user have to logout and login again.. Personnaly i don't see any relevant thing doing this
you cant create an auth with custom form
Keycloak will let you customize it own theme.. Can take a look a keyclokify if using react of you will oblige to work with it .ftl files
@@raoufcode i know. But for Vue i dont see some variant
await getAccessToken each time when i send request in bad idea
I have implemented the session delete method, but why do I have to log out when I log out and want to log in again and it doesn't go to the keycloak page again?