Blog

Insights on Identity, Security & Keycloak

Tutorials, deep dives, and best practices from the Skycloak team.

JWT Token Lifecycle Management: Expiration, Refresh, and Revocation Strategies

Learn JWT token lifecycle management strategies including expiration policies, refresh token rotation, and revocation mechanisms for secure authentication systems.

Guilliano Molaire November 17, 2025 17 min read

Tutorials

Using Custom User Attributes in Keycloak OIDC Tokens

Learn how to add custom user attributes to Keycloak OIDC tokens and map them to your client application. Includes Spring…

George Thomas November 17, 2025 4 min read

Tutorials

Attribute Mapping in Keycloak During OIDC Identity Brokering

Learn how to map user attributes like email and phone number in Keycloak during OIDC identity brokering with external providers…

George Thomas November 15, 2025 4 min read

Tutorials

Use kc_idp_hint to Choose Identity Provider in Keycloak

Learn how to use kc_idp_hint in Keycloak to skip the login screen and redirect users directly to a specific identity…

Guilliano Molaire November 12, 2025 8 min read

guides

Authentication Technology Refresh: Modernization Planning and Timeline

Plan your authentication modernization with this step-by-step guide covering protocol selection, migration timelines, and compliance requirements.

Guilliano Molaire November 12, 2025 7 min read

Keycloak HIPAA Audit Logging: Meeting OCR Investigation Requirements

guides

Identity Service Procurement: Contract Negotiation and SLA Requirements

Navigate IAM procurement with essential contract negotiation strategies, SLA benchmarks, compliance requirements, and vendor evaluation best practices.

Guilliano Molaire November 12, 2025 6 min read