
Keymate Blog | Articles and Resources

Inside Keycloak Authorization: Resources & Policy Engine

A deep dive into Keycloak Authorization Services: how Resource Servers, Resources, Scopes, Policies, and Permissions fit together, and exactly how Keycloak decides permit or deny.

Eren Kan · Software Engineer

June 2026

Fine-Grained Authorization for AI Agents: How It Works in Production
How Keymate enforces fine-grained authorization for AI agents: declarative policies, a centralized engine, and consistent design-time/runtime enforcement.
Hüseyin Akdoğan

June 2026


Why AI Agents Need Fine-Grained Authorization
Authentication tells us who the agent is. The harder question is what data it can reach, under what conditions, and on whose behalf. The April 2026 PocketOS incident, in which an autonomous coding agent deleted a production database in nine seconds, showed what happens when no one is answering it.
Hüseyin Akdoğan

May 2026


AI Agent Authorization: From Java Day Demo to Open Source Toolkit
At Java Day Istanbul 2026, we asked one question: once an AI agent has a valid token, who decides what data it can reach? This post recaps what we showed on stage, what we open-sourced afterwards, and how the deeper blog series picks up the thread.
Hüseyin Akdoğan

May 2026


Latest Posts

Beyond the Default Image: Hardening Keycloak for Enterprise Production


The default Keycloak image is a strong baseline, not a hardened production runtime. Here is how we rebuilt it on Wolfi OS, with three-tier CVE management, non-root execution, and a Quarkus-optimized runtime.
Ali Tuğrul Pınar

April 2026

What is Keycloak? A Developer's Introduction to Identity and Access Management


Learn what Keycloak is, how Identity and Access Management works, and why Keycloak is the leading open-source IAM solution for modern applications.
Muhammed Oğuz

April 2026

Beyond Bearer Tokens: Implementing DPoP for Modern Enterprise Identity


Bearer tokens are like cash: anyone who holds them can spend them. DPoP (RFC 9449) binds tokens to cryptographic keys so stolen tokens become useless. Here is how we implemented it.
Eren Kan

April 2026

Massive Identity Migration to Keycloak: Tuning the Pipeline for 12 Million Records per Hour


How cutting resources in half made our Keycloak migration six times faster. A deep dive into the performance bottlenecks, metrics, and tuning decisions that increased migration throughput from 2M to 12M identities per hour.
Hüseyin Akdoğan

February 2026

Keymate's Guide to Reactive Data Migration


Designing a Restartable, Lossless, High-Throughput Migration Pipeline with database-backed work queues, bounded concurrency, and reactive execution.
Hüseyin Akdoğan

January 2026

How Keymate Migrated 20+ Million Identities to Keycloak


Migrating 20+ million identities is not a data copy problem. It is a controlled, observable, and failure-aware process. Learn how Keymate safely migrated a large-scale IAM system to Keycloak without downtime or silent data loss.
Hüseyin Akdoğan

December 2025