Keycloak client vs user

3

26

I understand that Keycloak has built-in clients and we add the users later on.

But in general, what is the difference between a client and a user in Keycloak?

Uprush answered 5/3, 2018 at 10:0 Comment(0)
14

In short, not only for Keycloak but for OAuth and OpenID Connect too, a client represents a resource which some users can access. The built-in clients for Keycloak represent some resources for Keycloak itself.

Shopwindow answered 5/3, 2018 at 20:36 Comment(4)
So can we say that an app that allows sign-in via Google is a client, and Google itself is the server? Can we say each realm is for a new client? And is Keycloak itself an OAuth server? – Compander
1. Google would be the identity provider. 2. It depends on how the IdP treats the client. 3. Keycloak is an identity provider; it supports OpenID Connect (which is OAuth based) and SAML authorization protocols. – Shopwindow
@arpit, please ask a separate question. – Shopwindow
Isn't a client a third-party application which wants to access a certain resource on behalf of a user (resource owner) once the authorization is provided? – Christhood
25

According to the Keycloak documentation:

  1. User - Users are entities that are able to log into your system.
  2. Client - Clients are entities that can request Keycloak to authenticate a user. Most often, clients are applications and services that want to use Keycloak to secure themselves and provide a single sign-on solution. Clients can also be entities that just want to request identity information or an access token so that they can securely invoke other services on the network that are secured by Keycloak.
Icebound answered 17/12, 2019 at 9:21 Comment(0)
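
The two roles in the documentation quote above can be seen side by side in an access token's claims. This is an added example, not part of the original answers or Keycloak's own code. It assumes Keycloak's conventions of putting the requesting client's ID in the `azp` claim and naming a client's service account `service-account-<client-id>`; the client names, user name and tokens are constructed, and signature verification is left out.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_demo_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string (demo input only)."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()), ""])


def read_claims(token: str) -> dict:
    """Decode the payload segment. This does NOT verify the signature;
    a real service must validate it against the realm's keys first."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def describe_principals(token: str) -> dict:
    """Report which client requested the token and which user, if any,
    logged in. A service-account token means the client acted for itself."""
    claims = read_claims(token)
    client = claims.get("azp")
    username = claims.get("preferred_username", "")
    is_service_account = username == f"service-account-{client}"
    return {
        "client": client,
        "user": None if is_service_account else username,
        "acting_as": "client" if is_service_account else "user",
    }


# Constructed sample: user "alice" logged in through client "inventory-web".
USER_TOKEN = make_demo_token({
    "sub": "00000000-0000-0000-0000-000000000001",
    "azp": "inventory-web", "preferred_username": "alice"})

# Constructed sample: client "report-job" obtained a token for itself.
SERVICE_TOKEN = make_demo_token({
    "sub": "00000000-0000-0000-0000-000000000002",
    "azp": "report-job", "preferred_username": "service-account-report-job"})

if __name__ == "__main__":
    print(describe_principals(USER_TOKEN))
    print(describe_principals(SERVICE_TOKEN))
```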
9

Clients and users are two completely different constructs in Keycloak.

In plain English, a client is an application. An example of an application could be e.g. yelp.com or any mobile application. A client can be a simple REST API. Keycloak's built-in clients are for Keycloak internal use, but any user-defined application has to be registered as a client in Keycloak.

Users are the ones who authenticate via Keycloak to gain access to these applications/clients. Users are stored in the Keycloak DB or any externally hosted LDAP but synced with Keycloak.

Vaporization answered 4/5, 2019 at 9:25 Comment(0)
