#KEYCLOAK DevDay 2026: Implementing the Phantom Token Pattern with Keycloak | Thomas Darimont

👉 This talk is from KEYCLOAK DevDay Community Conference 2026: https://keycloak-day.dev Most Keycloak users rely on enriched access tokens. This approach is efficient but often overexposes information, especially when those tokens are exposed to external parties. The Phantom Token Pattern offers an alternative: combining privacy-preserving opaque-style minimal tokens with backend tokens. This talk introduces the concept, explains how it aligns with Keycloak’s capabilities, and demonstrates how to implement it using lightweight tokens and an API gateway. Discover how to enhance privacy and control in your token architecture without compromising performance. Thanks for watching! Don't forget to subscribe 🔔 to my channel (if not already done) and give this video some thumbs up 👍 (aka "like"). Tell me about your experiences and thoughts about this topic in the comments. I'm looking forward to it! Thank YOU! --- I'm Niko - and I'm your Expert for Keycloak IAM & SSO and an independent freelance software consultant, developer and trainer. I'm here to help - you, your team and your company. How can I support you? Just get in contact: 🌎 Website: https://www.n-k.de 🔗 LinkedIn:   / dasniko   🚧 GitHub Profile: https://github.com/dasniko 🦣 Mastodon: https://mastodon.cloud/@dasniko 🎥 YouTube Channel:    / @dasniko   All things Java, All-End (Frontend, Backend, Fullstack Deployments), Authentication, Security 🔐, IAM, Keycloak, Containers, DevOps, Cloud ☁️, Serverless, On-Premise Please understand that YouTube Comments are not a good place to get support in case of questions and errors. There are forums and groups out there (see links above) which are the right place to ask!