#KEYCLOAK DevDay 2026: Mobile apps authentication with Keycloak - navigating the pitfalls
👉 This talk is from KEYCLOAK DevDay Community Conference 2026: https://keycloak-day.dev Speaker: Waldemar Korłub #OAuth 2.1 recommends Authorization Code Flow with #PKCE for all clients with user presence - including mobile apps. With off-the-shelf mobile libraries readily available, it may seem rather straightforward at first. However, between privacy features that limit cookies visibility across mobile apps and hinder SSO, security features that change redirect handling depending on user's interaction (or lack of it), iOS/Android discrepancies, UX designer complains about disconnected experience, superfluous system prompts and flickering between views - it becomes quite challenging to navigate around the pitfalls. In this talk I will discuss the challenges related to integrating mobile apps with Keycloak, what makes them different from web applications and how to handle them using both built-in Keycloak features and custom extensions. I will also discuss what is brewing for the future, e.g. the #OIDC Native #SSO for Mobile Apps 1.0 spec (still in draft as of this writing). Thanks for watching! Don't forget to subscribe 🔔 to my channel (if not already done) and give this video some thumbs up 👍 (aka "like"). Tell me about your experiences and thoughts about this topic in the comments. I'm looking forward to it! Thank YOU! --- I'm Niko - and I'm your Expert for Keycloak IAM & SSO and an independent freelance software consultant, developer and trainer. I'm here to help - you, your team and your company. How can I support you? Just get in contact: 🌎 Website: https://www.n-k.de 🔗 LinkedIn: / dasniko 🚧 GitHub Profile: https://github.com/dasniko 🦣 Mastodon: https://mastodon.cloud/@dasniko 🎥 YouTube Channel: / @dasniko All things Java, All-End (Frontend, Backend, Fullstack Deployments), Authentication, Security 🔐, IAM, Keycloak, Containers, DevOps, Cloud ☁️, Serverless, On-Premise Please understand that YouTube Comments are not a good place to get support in case of questions and errors. There are forums and groups out there (see links above) which are the right place to ask!
#KEYCLOAK DevDay 2026: From Pods to Permissions: Token Exchange Meets Kubernetes Service Identity
#KEYCLOAK DevDay 2026: Scaling Trust: Building Multi-Region mTLS for Keycloak | Luis Rubiera
#KEYCLOAK DevDay 2026: Replacing Keycloak's Infinispan Caches with Redis/Valkey
7 Authentication Concepts Every Developer Should Know
More Designs, Same Standards by Remi Denoyer , Lead Data Scientist, Behaviorally
#KEYCLOAK DevDay 2026: Implementing the Phantom Token Pattern with Keycloak | Thomas Darimont
#KEYCLOAK DevDay 2026: From Zero to Keycloak: Scaling Identity at Gusto | Espen Roth & Ankur Agrawal
Full App Building Course with Cursor (3+ Hours)
#KEYCLOAK DevDay 2026: DPoP in Practice: Preventing Token Replay Attacks | Halil Özkan & Eren Kan
#KEYCLOAK DevDay 2026: The Passkey Journey | Steffen Ritter
Tutorial: Auth for Remote MCP Servers (Step by Step) | OAuth 2.1 with ScaleKit
#KEYCLOAK DevDay 2026: Protectors of the Realm: Breaking and Fixing Keycloak Configurations
200 DIOS TE DICE HOY: ESCUCHA ESTO ANTES DE DORMIR, MI VOZ TE DARÁ PAZ Y DESCANSO
ASP.NET Core Full Course For Beginners (.NET 10)
How Proctor’s texts in Karen Read lawsuit could free dangerous criminals
Passkeys Explained: Are They Actually Better Than Passwords?
System Design Course – APIs, Databases, Caching, CDNs, Load Balancing & Production Infra
#KEYCLOAK DevDay 2026: Dynamic Features for Modular Keycloak Extensions | Frank Tripp
#KEYCLOAK DevDay 2026: Keycloak and #EUDI-Wallet: A match made in heaven?
