DEV Community: Threshika Vijayakumar

Keycloak: The Open-Source Hero Behind Secure Logins

Threshika Vijayakumar — Sun, 26 Oct 2025 16:11:40 +0000

Every time you click “Login with Google” or “Sign in with GitHub,” a complex dance happens in the background: tokens are exchanged, your identity is verified, and permissions are granted, all in a matter of seconds.

While many developers rely on cloud services like AWS Cognito or Firebase Authentication, there’s a powerful open-source alternative that gives you full control over authentication and user management: Keycloak.

What is Keycloak?

Keycloak is an open-source Identity and Access Management (IAM) solution developed by Red Hat.
It helps developers add authentication, authorization, and single sign-on (SSO) to their applications without writing security code from scratch.

In simple terms:

Keycloak helps you manage who can access your application, how they log in, and what permissions they have.

Why Keycloak When There Are So Many Cloud Options?

You might wonder why not use AWS Cognito, Firebase Auth, or Azure AD instead?

Here’s what makes Keycloak special:

Open Source
Self-hosted
Easy Integration

Keycloak in a Nutshell

Realm – Your own isolated space managing users, roles, and clients. (You can have multiple realms like dev, test, prod.)

User – Represents a person or service that can log in. Can be created manually, registered, or linked via external IdPs.

Client – Any app using Keycloak for login (e.g., frontend, backend). Defines redirect URIs, access type, and permissions.

Identity Provider (IdP) – External service verifying user identity (e.g., Google, GitHub, Azure AD, AWS Cognito, GCP). Keycloak connects them all in one place.

Hands-On: Run Keycloak Using Docker

Step 1: Pull the Keycloak Image

docker pull quay.io/keycloak/keycloak:latest

Step 2: Run Keycloak in Development Mode

docker run -d \
  --name keycloak \
  -p 8080:8080 \
  -e KEYCLOAK_ADMIN=admin \
  -e KEYCLOAK_ADMIN_PASSWORD=admin \
  quay.io/keycloak/keycloak:latest start-dev

Step 3: Log in to the Admin Console

Go to:
http://localhost:8080
Login using:
Username: admin
Password: admin

You’ll see the Keycloak dashboard with options to manage realms, users, and clients.

Step 4: Create a Realm

Click on the top-left dropdown → Create Realm
Name it (e.g., myapp-realm)
Save

Step 5: Add a Client

Go to Clients → Create Client
Name: react-app
Root URL: http://localhost:3000 (your app’s URL)
Save and configure redirect URIs

Step 6: Add a User

Go to Users → Add User
Set username (e.g., john)
Go to Credentials tab → Set password
Enable Temporary Password = OFF

My Experience Working with Keycloak

Recently, I came across Keycloak while exploring secure authentication. I started experimenting with it, and soon I was able to integrate the latest Keycloak Quarkus version (previously, it was based on WildFly). The new Quarkus-based version felt significantly lighter, started faster, and was easier to configure, which made the entire setup experience smoother.

However, it wasn’t without challenges. One of the main issues I faced was with webhook-like event integrations, which weren’t available directly through the UI. I had to configure them manually using Keycloak’s event listener mechanism. Since Keycloak is open-source and fully extensible, I could add custom logic and workarounds, but it took some digging through the documentation to get it right.

Another challenge was handling redirect URIs and token configurations for clients. A small mismatch in redirect URLs or access type (public vs. confidential) can cause authentication loops or token errors. Understanding how Keycloak issues tokens and how the client consumes them took some trial and error, but once it clicked, the flow made perfect sense.

Despite these hurdles, the experience was amazing. Once the integration was complete, authentication and user management became seamless. It felt rewarding to see how flexible and powerful Keycloak can be when you really understand its structure and flow.

When you finally get Keycloak working after the setup struggle 😎

Final Thoughts

Authentication is a complex but critical part of every application.
Instead of building your own login system and handling tokens manually, Keycloak provides a ready-to-use, secure, and flexible identity management solution.

Whether you’re securing a single web app or managing microservices in the cloud, Keycloak simplifies identity so you can focus on building your core product.

Start your Keycloak journey today because secure login doesn’t have to be hard.

Redis Explained: The Secret Ingredient Behind Fast Apps & Smooth DevOps

Threshika Vijayakumar — Wed, 15 Oct 2025 18:18:49 +0000

Have you ever wondered how apps like Instagram, Netflix, or GitHub handle millions of users without breaking a sweat?
How do they make things load instantly, even when thousands of people are online at the same time?

The secret sauce is often something hidden behind the scenes, a little hero called Redis.

What Exactly is Redis?

Redis stands for Remote Dictionary Server, but don’t let the name scare you.
Think of Redis as a super-speedy notepad that your app can use to remember things temporarily (or even permanently, if you want).

It’s an open-source, in-memory data store, which means it keeps your data in RAM instead of a hard drive. And since RAM is way faster than disk, Redis can respond in microseconds, which is why it’s so popular.

It can act as:

A database (for storing data)
A cache (for speeding up responses)
A message broker (for managing queues & communication)

How Redis Works?

Redis stores data in the form of key-value pairs like a dictionary in Python, a Map in JavaScript, or a HashMap in Java.

Key: "user:101"
Value: "{name: 'Threshika', age: 22, country: 'India'}"

You can set, get, update, or delete values using simple commands:

SET user:101 "Threshika"
GET user:101

Setting Up Redis Using Docker

Now that you know what Redis is, let’s actually run it!

The easiest way to get started is by using Docker no installation headaches, just pull and run.

If you have Docker installed, open your terminal and run:

docker pull redis/redis-stack

This pulls the Redis Stack image, which includes Redis plus extra features like RedisInsight (a UI tool) and modules for JSON, Search, and Graph.

Once pulled, start the container with:

docker run -d --name redis-stack -p 6379:6379 -p 8001:8001 redis/redis-stack

Port 6379 → Redis server
Port 8001 → RedisInsight dashboard (http://localhost:8001)

Now Redis is up and running inside Docker!
You can connect to it using any Redis client or CLI:

redis-cli

Redis in Development: The Developer’s Superpower

Redis isn’t just about speed; it helps developers build smarter and more efficient apps.

Caching for Instant Responses

Your backend can cache database queries or API results in Redis, so users don’t have to wait every time.

Example:
If a user opens your profile page 10 times, your app fetches it from Redis instead of reloading everything from the database again and again.

Session Storage

Web apps use Redis to store user sessions, those tiny pieces of data that remember you’re logged in.
If you’ve ever been logged into a website even after closing your browser, there’s a good chance Redis was behind it.

Real-Time Applications

Redis has a Pub/Sub (Publish/Subscribe) feature that makes it ideal for chat apps, live notifications, or multiplayer games, allowing updates to be sent to users instantly.

Queues and Background Jobs

Redis Lists and Streams are great for managing background tasks like sending emails or processing payments asynchronously.

Redis in DevOps: The Backbone of Speed and Reliability

Developers use Redis in their code, but DevOps engineers rely on it to make entire systems faster and more reliable.

Here’s how,

Shared Caching Layer Across Microservices

In large systems, Redis acts as a central cache, helping multiple microservices share data efficiently.

Message Broker for Smooth Communication

Redis Streams enable services to communicate with each other. One service sends a message, another receives it, and processes it. This is how scalable systems handle background work seamlessly.

CI/CD Optimization

In DevOps pipelines, Redis stores temporary build data, job states, and cache dependencies to speed up deployment times.

Scalable Infrastructure

Redis runs beautifully inside Docker, Kubernetes, or cloud platforms like AWS, Azure, and Google Cloud. It can even be clustered for high availability, with no single point of failure.

Wrapping Up: Why Redis is Worth Learning

Redis is more than just a tool; it’s a mindset of speed, simplicity, and scalability.
Whether you’re building a small side project or managing a large-scale distributed system, Redis fits right in.

Once you start using Redis, you’ll realize how much time and effort it saves and how much faster your apps feel.

Final Thought

Redis isn’t just for developers or DevOps; it’s for anyone who loves building things that feel instant.
Learn it once, and you’ll find yourself using it everywhere.