please-open.it
@please-open-it.bsky.social
We can help you on your authentication
Keycloak experts
Keycloak experts
An authentication proxy is the best pattern for deploying SSO on existing and new apps.
The proxy is in charge of the authentication mechanism, the application receive authenticated requests with the user's details in HTTP Headers.
blog.please-open.it/posts/auth-p...
The proxy is in charge of the authentication mechanism, the application receive authenticated requests with the user's details in HTTP Headers.
blog.please-open.it/posts/auth-p...
Authentication Proxy: Simplify Authentication in Any Application
Discover how to add authentication to any application without code changes using our NGINX-based OpenID Connect proxy. Separate authentication from development, define public vs private URLs, and depl...
blog.please-open.it
December 23, 2025 at 10:51 AM
An authentication proxy is the best pattern for deploying SSO on existing and new apps.
The proxy is in charge of the authentication mechanism, the application receive authenticated requests with the user's details in HTTP Headers.
blog.please-open.it/posts/auth-p...
The proxy is in charge of the authentication mechanism, the application receive authenticated requests with the user's details in HTTP Headers.
blog.please-open.it/posts/auth-p...
After oidc-bash, we tried to make a JWT Decoder in bash. It was so complicated with the signatures!
github.com/please-openi...
github.com/please-openi...
GitHub - please-openit/jwt-decode-bash: a bash script to decode and verify jwt tokens
a bash script to decode and verify jwt tokens. Contribute to please-openit/jwt-decode-bash development by creating an account on GitHub.
github.com
December 2, 2025 at 8:20 AM
After oidc-bash, we tried to make a JWT Decoder in bash. It was so complicated with the signatures!
github.com/please-openi...
github.com/please-openi...
Another module for Keycloak :
user attribute regexp mapper
Because in Keycloak user attributes are multivalued (with ability to aggregate them with "user attribute mapper"), we added a regexp filter only to send back attribute if it matches.
github.com/please-openi...
user attribute regexp mapper
Because in Keycloak user attributes are multivalued (with ability to aggregate them with "user attribute mapper"), we added a regexp filter only to send back attribute if it matches.
github.com/please-openi...
GitHub - please-openit/keycloak-user-attribute-regexp-mapper
Contribute to please-openit/keycloak-user-attribute-regexp-mapper development by creating an account on GitHub.
github.com
November 27, 2025 at 9:59 AM
Another module for Keycloak :
user attribute regexp mapper
Because in Keycloak user attributes are multivalued (with ability to aggregate them with "user attribute mapper"), we added a regexp filter only to send back attribute if it matches.
github.com/please-openi...
user attribute regexp mapper
Because in Keycloak user attributes are multivalued (with ability to aggregate them with "user attribute mapper"), we added a regexp filter only to send back attribute if it matches.
github.com/please-openi...
New Keycloak module : groups regexp mapper. Map only groups (to a token, userinfo...) that only matches to a RegExp
github.com/please-openi...
github.com/please-openi...
GitHub - please-openit/keycloak-groups-regexp-mapper
Contribute to please-openit/keycloak-groups-regexp-mapper development by creating an account on GitHub.
github.com
November 6, 2025 at 11:23 AM
New Keycloak module : groups regexp mapper. Map only groups (to a token, userinfo...) that only matches to a RegExp
github.com/please-openi...
github.com/please-openi...
Map HTTP headers to claims in tokens. We built this to support locales during a client_credentials authentication process
blog.please-open.it/posts/keyclo...
blog.please-open.it/posts/keyclo...
A custom http header to token claim mapper for Keycloak
Map an HTTP header value to a claim in a token. This solution was needed for a specific use case : keep the user locale.
blog.please-open.it
July 31, 2025 at 8:30 AM
Map HTTP headers to claims in tokens. We built this to support locales during a client_credentials authentication process
blog.please-open.it/posts/keyclo...
blog.please-open.it/posts/keyclo...
We built a desktop JWT decoder, directly accessible from the system tray :
blog.please-open.it/posts/jwt_de...
github.com/please-openi...
blog.please-open.it/posts/jwt_de...
github.com/please-openi...
July 30, 2025 at 10:26 AM
We built a desktop JWT decoder, directly accessible from the system tray :
blog.please-open.it/posts/jwt_de...
github.com/please-openi...
blog.please-open.it/posts/jwt_de...
github.com/please-openi...
An authenticator to match rfc8252 8.12 ! "native apps MUST NOT use embedded user-agents to perform authorization requests and allows that authorization endpoints MAY take steps to detect and block authorization requests in embedded user-agents"
blog.please-open.it/posts/user-a...
blog.please-open.it/posts/user-a...
User Agent Filter Authenticator
We develop a new plugin for Keycloak that filters the user-agent header on authentication request.
blog.please-open.it
June 5, 2025 at 7:43 AM
An authenticator to match rfc8252 8.12 ! "native apps MUST NOT use embedded user-agents to perform authorization requests and allows that authorization endpoints MAY take steps to detect and block authorization requests in embedded user-agents"
blog.please-open.it/posts/user-a...
blog.please-open.it/posts/user-a...
Deploy keycloak on dokku
Ready for production, with themes and SPIs built directly
please-open.it/blog/keycloa...
Ready for production, with themes and SPIs built directly
please-open.it/blog/keycloa...
Please Open It Blog
Keycloak as a service - oauth2/openid connect consulting
please-open.it
December 30, 2024 at 5:15 PM
Deploy keycloak on dokku
Ready for production, with themes and SPIs built directly
please-open.it/blog/keycloa...
Ready for production, with themes and SPIs built directly
please-open.it/blog/keycloa...
In Keycloak, you MUST take a look and uncheck "full scope allowed" checkbox if you use roles.
blog.please-open.it/full-scope-a...
blog.please-open.it/full-scope-a...
December 2, 2024 at 12:43 PM
In Keycloak, you MUST take a look and uncheck "full scope allowed" checkbox if you use roles.
blog.please-open.it/full-scope-a...
blog.please-open.it/full-scope-a...
a "no code" event-listener for Keycloak with @n8n-io.bsky.social
blog.please-open.it/event-listen...
blog.please-open.it/event-listen...
Please Open It Blog
Keycloak as a service - oauth2/openid connect consulting
blog.please-open.it
November 20, 2024 at 9:52 AM
a "no code" event-listener for Keycloak with @n8n-io.bsky.social
blog.please-open.it/event-listen...
blog.please-open.it/event-listen...
How and why we built our own authorizations platform. Spoiler : avoid "authorizations as code" platforms, what you need is a specific data model for your needs
blog.please-open.it/authz/
blog.please-open.it/authz/
Our vision about authorizations
After years of consulting, we created our own authorization platform
blog.please-open.it
November 6, 2023 at 1:33 PM
How and why we built our own authorizations platform. Spoiler : avoid "authorizations as code" platforms, what you need is a specific data model for your needs
blog.please-open.it/authz/
blog.please-open.it/authz/