#KEYCLOAK DevDay 2026: From Pods to Permissions: Token Exchange Meets Kubernetes Service Identity

S👉 This talk is from KEYCLOAK DevDay Community Conference 2026: https://keycloak-day.dev Speaker: Sven-Torben Janus #Token #Exchange has become a foundational pattern for secure service-to-service authentication in Keycloak. With the recent Standard Token Exchange introduced, implementing least-privilege delegation across services is more streamlined than ever. In this talk, we take it a step further: leveraging Kubernetes projected service account tokens to authenticate workloads to Keycloak. Using trusted JWKS clients and external token validation (introduced in Keycloak 26.4 as a preview), services can authenticate without shared secrets - enabling cleaner and more secure integration in cloud-native environments. Thanks for watching! Don't forget to subscribe 🔔 to my channel (if not already done) and give this video some thumbs up 👍 (aka "like"). Tell me about your experiences and thoughts about this topic in the comments. I'm looking forward to it! Thank YOU! --- I'm Niko - and I'm your Expert for Keycloak IAM & SSO and an independent freelance software consultant, developer and trainer. I'm here to help - you, your team and your company. How can I support you? Just get in contact: 🌎 Website: https://www.n-k.de 🔗 LinkedIn:   / dasniko   🚧 GitHub Profile: https://github.com/dasniko 🦣 Mastodon: https://mastodon.cloud/@dasniko 🎥 YouTube Channel:    / @dasniko   All things Java, All-End (Frontend, Backend, Fullstack Deployments), Authentication, Security 🔐, IAM, Keycloak, Containers, DevOps, Cloud ☁️, Serverless, On-Premise Please understand that YouTube Comments are not a good place to get support in case of questions and errors. There are forums and groups out there (see links above) which are the right place to ask!