2025
Otus - MSA Auth Practice 0:00 of 1:53:51
    https://www.youtube.com/watch?v=Ab_JnRlApy8
Otus - MSA Auth Practice 0:00 of 1:51:35
    https://www.youtube.com/watch?v=6Det9XUOqIM
Stilicho2011 - How to Set Up and Tune Keycloak 0:00 of 31:09
    https://www.youtube.com/watch?v=OPk-woAkZaw
Devoxx - Authenticate and authorize users “your way” when they access your appl & platf - Alexander Schwartz 0:00 of 32:34
    https://www.youtube.com/watch?v=SR59HPXyQSE
2024
Amplicode - Koslov - Spring Security and KC 0:00 of 39:15
    https://www.youtube.com/watch?v=CYfzwTt755Q
2023
https://www.youtube.com/watch?v=vmEWywGzWbA
    https://github.com/ali-bouali/keycloak-integration-with-spring-boot-3
    boot 3, secur 6
    23:00
    25:30
    32:30 - jwt.io debugger
    We can assign client roles to realm roles (composite:true)
    realmroles->for-specific-role->menu-action->Add associated roles
        now it is composite role
            # jwt.io: .resource_access.myclient11.roles=client11_admin,client11_user
            # https://github.com/ali-bouali/keycloak-integration-with-spring-boot-3/blob/main/src/main/java/com/alibou/keycloak/JwtAuthConverter.java
            # JwtGrantedAuthoritiesConverter -> SCOPE_, split(by space) "scope" attr of jwt

        user can also be a composite
    /realms/<relm-name>/well-known/openid-configuration
        token_endpoint
        grant_type: password
        client_id: ...
        username: ...
        password: ...
        -> refresh_token is also provided
        token can be pasted to jwt.io
        @PreAuthorize("hasRole('client_role')")
            defaultRolePrefix="ROLE_" // !!!
SelskiyJavist - Keycloak 0:00 of 37:36
    https://www.youtube.com/watch?v=vlu9FJkj6F0
2022
https://www.youtube.com/watch?v=rbKzR6QWKLI&list=PLSVW22jAG8pBnhAdq9S8BpLnZ0_jVBj0c&index=5
2021
Spilca - Software Architecture Fundamentals - Episode 16 - OAuth 2 and OpenID Connect 0:00 of 55:00
    https://www.youtube.com/watch?v=j1yOkj2JzwM&list=PLEocw3gLFc8VYPSFuQfTbqsK-0q2wDCoR&index=17
        /auth/realms/master/.well-known/openid-configuration
        /auth/realms/master/protocol/openid-connect/certs
        /auth/realms/master/protocol/openid-connect/token
        curl -XPOST "http://localhost:8080/auth/realms/master/protocol/openid-connect/token" \
          -H "Content-Type: application/x-www-form-urlencoded" \
          --data-urlencode "grant_type=password" \
          --data-urlencode "username=<usr> \
          --data-urlencode "password=<pwd> \
          --data-urlencode "scope=<scope>" \
          --data-urlencode "client_id=<client-id>"
        application.properties
            jwkSetUri=.../certs
                new JwkTokenStore(jwkSetUri) // obsolete
                ...JwtDecoder
                Provider
Slurm - Keycloak Exp ru of 3:58:09
    https://www.youtube.com/watch?v=Llvnq-n43k0