With the help of Keycloak, a third-party open-source Identity and Access Management server, we create users and assign roles to them. A JWT token is generated when the user hits the Keycloak server with their credentials. This JWT access_token is passed in the headers of the HTTP request to the APIs. In the Golang project, the access_token is verified against the Keycloak server. If the signature is valid, the scopes obtained from the access_token are validated and the user is authorized accordingly.
Let’s name our Go microservice DemoService. In this service, we create two APIs: one is the getPetsSearch API, which returns pets with the name searched; the other is the getPetDetails API, which returns the details of the pet. Now we try to authenticate these two APIs with the users created in Keycloak.
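The check described above (signature first, then scopes), as an added example that is not DemoService's own code. It assumes RS256 tokens verified locally with the realm's public key; the scope names `pets:search` and `pets:details`, the helper names and the throwaway key are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// Authorize verifies RS256 (pinned here, the token's alg header is never trusted), then exp and scope.
func Authorize(tok string, pub *rsa.PublicKey, need string, now int64) error {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return fmt.Errorf("malformed token")
	}
	sig, _ := b64.DecodeString(p[2]) // a bad encoding simply fails verification
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return fmt.Errorf("invalid signature")
	}
	var c struct{ Exp int64; Scope string } // the "exp" and "scope" claims
	body, _ := b64.DecodeString(p[1])
	if json.Unmarshal(body, &c) != nil || now >= c.Exp {
		return fmt.Errorf("expired or unreadable claims")
	}
	if need == "" || !strings.Contains(" "+c.Scope+" ", " "+need+" ") { // whole-entry match
		return fmt.Errorf("missing scope %q", need)
	}
	return nil
}

// Sample returns a constructed token and the throwaway key standing in for the realm key.
func Sample(payload string) (string, *rsa.PublicKey) {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	in := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + b64.EncodeToString([]byte(payload))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig), &k.PublicKey
}

func main() {
	tok, pub := Sample(`{"exp":4102444800,"scope":"openid pets:search"}`) // hypothetical scopes
	fmt.Println(Authorize(tok, pub, "pets:search", 1700000000))
	fmt.Println(Authorize(tok, pub, "pets:details", 1700000000))
}
```

Each API would call the check with its own required scope, so a token that is valid for getPetsSearch is still rejected by getPetDetails when its scope is absent.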
Keycloak Installation and steps to generate a token from scratch:
Keycloak is an open-source Identity and Access Management solution that adds authentication to applications and secures services with minimum fuss. With Keycloak, it is easy to create and manage users and to assign scopes to them.
Installation: