|
You are here |
mydeveloperplanet.com | ||
| | | | |
josiahparry.com
|
|
| | | | | ||
| | | | |
www.keycloak.org
|
|
| | | | | Keycloak - the open source identity and access management solution. Add single-sign-on and authentication to applications and secure services with minimum effort. | |
| | | | |
blog.christianposta.com
|
|
| | | | | In the previous blog, we dug into dynamically registering OAuth clients leveraging SPIFFE and SPIRE. We used SPIRE to issue software statements in the SPIFFE JWT SVID that Keycloak can trust as part of Dynamic Client Registration (RFC 7591). Once we have an OAuth client, we will want to continue to use SPIFFE to authenticate to our Authorization Server. This eliminates the need for a long-lived "client secret" which is common for Confidential OAuth. This means we can use the Agent or MCP client's identity (based on SPIFFE) for authorization flows based on OAuth. We dig into that in this blog. | |
| | | | |
www.shuttle.dev
|
|
| | | Using JSON Web Tokens (JWTs) when implementing authentication in a Rust API | ||