please-open.it

A custom http header to token claim mapper for Keycloak Map an HTTP header value to a claim in a token. This solution was needed for a specific use case : keep the user locale.

Map HTTP headers to claims in tokens. We built this to support locales during a client_credentials authentication process

blog.please-open.it/posts/keyclo...

31.07.2025 08:30 — 👍 0    🔁 1    💬 0    📌 0

We built a desktop JWT decoder, directly accessible from the system tray :

blog.please-open.it/posts/jwt_de...

github.com/please-openi...

30.07.2025 10:26 — 👍 2    🔁 0    💬 0    📌 1

User Agent Filter Authenticator We develop a new plugin for Keycloak that filters the user-agent header on authentication request.

An authenticator to match rfc8252 8.12 ! "native apps MUST NOT use embedded user-agents to perform authorization requests and allows that authorization endpoints MAY take steps to detect and block authorization requests in embedded user-agents"
blog.please-open.it/posts/user-a...

05.06.2025 07:43 — 👍 0    🔁 1    💬 0    📌 0

Please Open It Blog Keycloak as a service - oauth2/openid connect consulting

Deploy keycloak on dokku
Ready for production, with themes and SPIs built directly
please-open.it/blog/keycloa...

30.12.2024 17:15 — 👍 1    🔁 2    💬 0    📌 0

In Keycloak, you MUST take a look and uncheck "full scope allowed" checkbox if you use roles.
blog.please-open.it/full-scope-a...

02.12.2024 12:43 — 👍 0    🔁 1    💬 1    📌 1

Please Open It Blog Keycloak as a service - oauth2/openid connect consulting

a "no code" event-listener for Keycloak with @n8n-io.bsky.social
blog.please-open.it/event-listen...

20.11.2024 09:52 — 👍 1    🔁 2    💬 0    📌 0

Our vision about authorizations After years of consulting, we created our own authorization platform

How and why we built our own authorizations platform. Spoiler : avoid "authorizations as code" platforms, what you need is a specific data model for your needs
blog.please-open.it/authz/

06.11.2023 13:33 — 👍 5    🔁 2    💬 0    📌 0