Over the past few months, I have attempted to add a new feature to Tabunganku: authentication. I made several attempts to implement authentication, but without success. After failing to implement Spring Security for authentication, I opted for Keycloak instead. However, integrating Keycloak was no easy task either.

Tabunganku Login Page

Keycloak is a self-hosted and open-source Single Sign-On (SSO) provider. Whenever a user logs into the site using Keycloak, it returns a JSON Web Token (JWT) that contains a user’s information, such as the username and user ID. The token is sent by the frontend and decoded by the backend server. The challenging aspect was integrating Keycloak into the existing application and ensuring the transmission of the JWT token with every request. I found Keycloak documentation to be somewhat lacking, so I had to search around the internet to find the answers.

I also modified the database design because the user ID value was changed to a UUID to align with Keycloak’s user ID. I had to perform manual migration by updating the user ID value in user, transaction, and category tables. Additionally, I included first name and last name columns in the user table to sync user information from Keycloak.

In the next several posts, I will explain about the changes I made to enable authentication.