Job Description
OpenID Connect (OIDC) flows (Auth Code + PKCE, Implicit, Client Credentials), OAuth 2.0 grants/scopes/claims.
SAML 2.0 basics if you integrate with legacy SPs/IdPs.
Identity brokering vs user federation, trust relationships, metadata, certificates, signing & encryption keys.
Tokens: ID/Access/Refresh tokens, claims, lifetimes, signature algorithms (RS256/ES256), JWKS.
Authentication vs authorization: authentication flows, authorization services (UMA‑style resource‑based auth), policies and permission models.
Keycloak SPIs (Service Provider Interfaces) & provider packaging.
Java 11+, Maven build tooling.
Understanding of Keycloak server architecture: realms, sessions, caches.
Authentication flows & executions (understanding the built‑in execution types and requirements).
JavaScript for script authenticators/policies (note: scripting may be disabled or restricted in some deployments for security).
FreeMarker templates (*.ftl), HTML/CSS.
