George Thomas

IAM Engineer at Skycloak

George is an IAM engineer with 23+ years in software engineering, including 14+ years specializing in identity and access management. He designs and modernizes enterprise IAM platforms with deep expertise in Keycloak, OAuth 2.0, OpenID Connect, SAML, and identity federation across cloud and hybrid environments. Previously at Trianz and a long-term contributor to Entrust IAM product engineering, George authors Skycloak's technical Keycloak tutorials.

23 articles published

Keycloak Identity and Access Management OAuth 2.0 OpenID Connect SAML Identity Federation IAM Architecture SSO

Articles by George Thomas

JWT Authorization Grant in Keycloak with External IdP

April 13, 2026 3 min read

Learn how to implement JWT Authorization Grant in Keycloak using Auth0 as an external Identity Provider, including setup steps and…

Auth0 vs Keycloak: Login & Token Customization

April 7, 2026 3 min read

Learn how Auth0 and Keycloak handle login control and token customization. Explore Actions, Authentication Flows, Protocol Mappers, and architecture trade-offs.

Keycloak CI/CD with GitHub Actions and Terraform

March 24, 2026 3 min read

Learn how to automate Keycloak using Terraform and GitHub Actions. Build a CI/CD pipeline with secure secrets, plan, and apply…

Keycloak Configuration as Code with Terraform

March 24, 2026 3 min read

Learn how to manage Keycloak using Terraform with Configuration as Code. Step-by-step guide with client setup, roles, and best practices.

Client Credentials Flow with Skycloak and Node.js

March 17, 2026 3 min read

Learn Client Credentials flow using Skycloak and Node.js. Implement secure machine-to-machine authentication with practical examples.

DPoP with Keycloak Admin API Using Node.js

February 26, 2026 6 min read

Implement DPoP proof-of-possession tokens with Keycloak Admin API using Node.js to prevent token replay attacks and secure API access.

Securing MCP Servers with Keycloak OAuth 2.0

February 5, 2026 6 min read

Learn how to secure Model Context Protocol (MCP) servers using Keycloak OAuth 2.0 with token introspection, audience validation, and RFC…

Using SCIM 2.0 with Skycloak (Managed Keycloak)

December 22, 2025 4 min read

Configure SCIM 2.0 in Keycloak using Skycloak with external JWT authentication for automated user provisioning and lifecycle management.

Secure React API Access Using Keycloak (OIDC + PKCE)

December 14, 2025 5 min read

Learn how to secure React API access with Keycloak using OIDC Authorization Code Flow and PKCE for browser-based single-page applications.

Forward Keycloak Events to SIEM via Skycloak HTTP Webhook

December 10, 2025 4 min read

Learn how to forward Keycloak authentication events, server logs, and security telemetry to your SIEM platform using Skycloak HTTP webhook…

1 2 3 Next