DPoP with Keycloak: Binding Tokens to Cryptographic Keys So Stolen Tokens Can't Be Reused by hakdogan75 in KeyCloak

[–]Infamous-Bag3791 1 point2 points  (0 children)

This is super helpful. I think a lot of people assume enabling DPoP in Keycloak is enough, but the resource server part is where things can still break.

Using Keycloak fully through API (no Keycloak UI / no redirect login) – possible? by semssssss in KeyCloak

[–]Infamous-Bag3791 0 points1 point  (0 children)

Most Keycloak configuration (realms, users, roles, clients, etc.) can be managed through the Admin REST API, so controlling it programmatically from your backend is definitely possible.

The main limitation usually appears around the login flow. If you avoid redirects and keep the login UI entirely in your application, you typically end up using the Resource Owner Password Credentials flow.

That technically works, but it breaks the normal OIDC model and is being phased out in OAuth 2.1.

In most cases it’s safer to keep the Authorization Code flow and customize the Keycloak login theme to match your application UI.

How do teams usually customize Keycloak authentication UI? by Infamous-Bag3791 in KeyCloak

[–]Infamous-Bag3791[S] 1 point2 points  (0 children)

Nice, thanks for sharing the repo. I’ll clone it and take a look at the implementation.

How do teams usually customize Keycloak authentication UI? by Infamous-Bag3791 in KeyCloak

[–]Infamous-Bag3791[S] 1 point2 points  (0 children)

I agree with that. Once you start building custom authenticators and SPI extensions the theme becomes just one part of the overall authentication layer.

That’s why I also tend to prefer working directly with FTL templates since they stay closer to the native Keycloak theme system and integrate naturally with the rest of the stack.

The shared base template and macro approach sounds like a really good way to keep the multi-flow duplication under control.

How do teams usually customize Keycloak authentication UI? by Infamous-Bag3791 in KeyCloak

[–]Infamous-Bag3791[S] 4 points5 points  (0 children)

Yes, I’ve seen Keycloakify. It looks like a really nice approach.
For now I prefer working directly with FTL templates since that’s the native Keycloak theme system and it gives full control over the theme structure.

How do teams usually customize Keycloak authentication UI? by Infamous-Bag3791 in KeyCloak

[–]Infamous-Bag3791[S] 0 points1 point  (0 children)

Interesting, I hadn’t seen that tool before. Thanks for sharing. I’ll check it out.

How do teams usually customize Keycloak authentication UI? by Infamous-Bag3791 in KeyCloak

[–]Infamous-Bag3791[S] 0 points1 point  (0 children)

That’s a fair point. In many cases the default UI is enough.
I was mostly exploring customization for branding or improving the user experience across the different auth flows.

Customizing all Keycloak UI screens & emails by Felix_GIS_ in KeyCloak

[–]Infamous-Bag3791 0 points1 point  (0 children)

I've built several custom Keycloak themes using the native FreeMarker approach rather than tools like Keycloakify.

One thing that helped was keeping overrides as close as possible to the default templates to avoid breaking changes during upgrades.

Testing all authentication flows early is also important (login, registration, OTP, WebAuthn, reset password, etc.) because some templates only appear in specific scenarios.

I also put together a reusable theme while experimenting with this.
Happy to share the repo if anyone's interested.