This story was originally published on HackerNoon at:
https://hackernoon.com/how-to-solve-real-time-auth-without-having-to-sacrifice-performance.
I will walk you through, step-by-step, how to build a fully functional, high-performance WebSocket server in Symfony that is secured by Keycloak.
This story was written by:
@mattleads.
In today’s enterprise world, authentication is almost always delegated to a central, external server: an SSO provider like Keycloak. The obvious answer, token introspection, is a performance-bottleneck nightmare. We will not be making any blocking API calls. Instead, we will perform local, cryptographic validation of Keycloak’s JWTs using their public JSON Web Key Set.
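The local validation described above, as an added sketch that is not the article's own code: it uses only PHP's openssl extension, pins RS256, selects the key by `kid`, and checks `iss` and `exp`. The function names, the issuer URL, the `demo-1` key id and the throwaway key standing in for a cached realm JWKS are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
function b64u_dec(string $s): string { return (string) base64_decode(strtr($s, '-_', '+/')); }
function b64u_enc(string $s): string { return rtrim(strtr(base64_encode($s), '+/', '-_'), '='); }

// Minimal DER tag-length-value encoder (short and long length forms).
function der(int $tag, string $body): string {
    $n = strlen($body);
    $len = $n < 0x80 ? chr($n) : (fn($b) => chr(0x80 | strlen($b)) . $b)(ltrim(pack('N', $n), "\0"));
    return chr($tag) . $len . $body;
}

// Build a PEM SubjectPublicKeyInfo from the n and e members of an RSA JWK.
function jwk_to_pem(array $jwk): string {
    $int = fn(string $b): string => der(0x02, (ord($b[0]) & 0x80 ? "\0" : '') . $b);
    $rsa = der(0x30, $int(b64u_dec($jwk['n'])) . $int(b64u_dec($jwk['e'])));
    $spki = der(0x30, hex2bin('300d06092a864886f70d0101010500') . der(0x03, "\0" . $rsa));
    return "-----BEGIN PUBLIC KEY-----\n" . chunk_split(base64_encode($spki), 64, "\n") . "-----END PUBLIC KEY-----\n";
}

// Verify signature and claims against an in-memory JWKS; no network call per token.
function validate_jwt(string $jwt, array $jwks, string $iss, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('malformed token');
    [$h, $p, $s] = $parts;
    $hdr = json_decode(b64u_dec($h), true);
    // Pin the algorithm on the server side; the token header does not get to choose it.
    if (!is_array($hdr) || ($hdr['alg'] ?? null) !== 'RS256') throw new RuntimeException('unexpected alg');
    $match = array_filter($jwks['keys'], fn($k) => ($k['kty'] ?? '') === 'RSA' && ($k['kid'] ?? '') === ($hdr['kid'] ?? null));
    if (!$match) throw new RuntimeException('unknown kid'); // production: refresh the cached JWKS, rate-limited
    if (openssl_verify("$h.$p", b64u_dec($s), jwk_to_pem(reset($match)), OPENSSL_ALGO_SHA256) !== 1)
        throw new RuntimeException('bad signature');
    $c = json_decode(b64u_dec($p), true);
    if (($c['iss'] ?? null) !== $iss) throw new RuntimeException('wrong issuer');
    if (!is_int($c['exp'] ?? null) || $c['exp'] <= $now) throw new RuntimeException('expired');
    return $c;
}

// Constructed demo: a throwaway RSA key plays the role of the realm signing key.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$rsa = openssl_pkey_get_details($key)['rsa'];
$jwks = ['keys' => [['kty' => 'RSA', 'kid' => 'demo-1', 'n' => b64u_enc($rsa['n']), 'e' => b64u_enc($rsa['e'])]]];
$iss = 'https://sso.example.test/realms/demo'; // assumed issuer, not from the article
$h = b64u_enc(json_encode(['alg' => 'RS256', 'kid' => 'demo-1']));
$p = b64u_enc(json_encode(['iss' => $iss, 'sub' => 'user-1', 'exp' => time() + 300]));
openssl_sign("$h.$p", $sig, $key, OPENSSL_ALGO_SHA256);
echo validate_jwt("$h.$p." . b64u_enc($sig), $jwks, $iss, time())['sub'], "\n";
try { validate_jwt("$h.$p." . b64u_enc(strrev($sig)), $jwks, $iss, time()); }
catch (RuntimeException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
```

In a long-running WebSocket server the JWKS would be fetched once and cached, and a maintained JWT library would normally replace the hand-rolled DER encoding, which is written out here only so the sketch runs without Composer.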