26. Access token / Refresh token
Access token grants access to ressources
Refresh token allows user to renew the access
27. What are claims?
Who you are
What you can do (groups, roles, ...)
No need to register in the your app first!
28. How is that "more" secure?
Password goes to a single app (idp)
Only claims get out of the idp
End application does not have your password
Token has short expiry
Keycloak allows easy audit and centralize
advanced auth mechanism