
Latest from the Blog

Decoding the JSON Web Token (JWT) 

Hello. In this part we will see how to read a JWT. In the first two parts of this series, we: Now, let's address the fundamental question: what exactly is that huge, cryptic string we call the Access Token? It looks like a random, daunting string, but it is actually a compact, self-contained digital passport: the JSON Web Token (JWT). When we…

Keycloak S2S Verification with Postman and the aud Claim 

In our previous post, we detailed why we moved away from legacy AD service users and adopted Keycloak's Client Credentials Grant for secure Service-to-Service (S2S) authentication. We configured our Chat App Service (chat-app-service) to call the protected CRM API Gateway (crm-api-gateway), locking down access using the critical Audience (aud) claim. Now for the final, and most satisfying, step: verification. We needed a standard, accessible tool to prove…

Secure Service-to-Service (S2S) Authentication in Microservices with Keycloak & Audience 

Our Problem: The Fragility of Legacy S2S in a Microservices World. For years, when we needed one application to talk to another via a REST API, the solution was straightforward: we'd create a dedicated Active Directory (AD) service user. This approach worked beautifully with our monolithic applications, especially those running on .NET Framework on IIS. The tight integration with Windows Authentication made it seamless. …
