keycloak-spring-boot-starter for Spring Boot 2.2.4.RELEASE

Question

In my Spring Boot application, I'm integrating Keycloak to externalize the security. The version of the Spring Boot I use in my project is 2.2.4.RELEASE, however I checked the latest Keycloak 8 pom.xml and in it's dependencies, there is a hardcoded version of Spring Boot 2.0.3.RELEASE in file org/keycloak/keycloak-spring-boot-starter/8.0.2/keycloak-spring-boot-starter-8.0.2.pom

    <properties>
      <spring-boot.version>2.0.3.RELEASE</spring-boot.version>
    </properties>

How to solve this problem without Spring Boot version downgrade? I can't change the keycloak version, other in our solution systems use it. I also don't want Spring Boot to drive all the other versions, not the Keycloak, which is just one of many other components.

Answer 1

Keycloak produces OpenID complient JWT. Configuring spring-security to parse this JWT into something else than KeycloackAuthenticationToken is not so hard.

As so, you don't have to use their lib. You may use instead JwtAuthenticationToken or any other Authentication of your choice, even create one of your own.

In a repo of mine, you'll find a short tutorial and a few working samples for both servlet and reactive apps.

Note in above samples, OAuthenticationToken<OpenidClaimSet> is an Authentication implementation I created to work with OpenID authorizations servers (not only Keycloak). Source are in the same repo.

Answer 2

Current I am using below dependency, I followed this youtube tutorial for integrating keykloak to spring boot, & It works fine.

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-client</artifactId>
    </dependency>

Hope it will help.