Authentication - feel the user experience

There are several methods for authentication : certificates, passwords, pincode, webauthn, One Time Password…

Choosing an authentication method is not a technical choice : it has hudge impacts on security but also on User eXperience.

This article shows several demos, built with Keycloak, and let you have a perception of User eXperience for each authentication method.

Read full post

Action token, an idea for newsletter authentication

Action tokens are a particular type of token that allows unauthenticated users to perform some limited and predefined actions.

Usual use case are :

E-mail confirmation
Credentials reset
Execute required action(s)
and any action relevant with the flow and your use cases…
This article explains what is an action token and how to use it to authenticate users from a link inside a newsletter

Read full post

Authorization code grant : how it works, and try it !

Authorization code grant (also named “auth_code”) is one of the most popular authentication method on the web. Every oauth2 provider implements this flow which is the best for web authentication. Facebook, Google, Twitter, Linkedin… all of them use it (or partially, we will explain why).

OpenVPN and Keycloak : Link your VPN Infrastructure with your SSO

OpenVPN allows usage of PAM modules. By using an oauth2 client PAM module and password grant, we can use our own SSO (Keycloak) to authenticate users on a VPN infrastructure.

For Oauth2 providers which do not allow Password Grant, we will use a “token authentication” by providing a valid token instead of a password. Code and demo with Google as authentication provider.

Read full post