How to Solve Real-Time Auth Without Having to Sacrifice Performance

This story was originally published on HackerNoon at: https://hackernoon.com/how-to-solve-real-time-auth-without-having-to-sacrifice-performance. I will walk you through, step-by-step, how to build a fully functional, high-performance WebSocket server in Symfony that is secured by Keycloak. Check more stories related to programming at: https://hackernoon.com/c/programming. You can also check exclusive content about #symfony, #keycloak, #websocket, #jwt, #security, #php, #websockets, #jwt-authentication, and more. This story was written by: @mattleads. Learn more about this writer by checking @mattleads's about page, and for more stories, please visit hackernoon.com. In today’s enterprise world, authentication is almost always delegated to a central, external server: an SSO provider like Keycloak. The obvious answer, token introspection, is a performance-bottleneck nightmare. We will not be making any blocking API calls. Instead, we will perform local, cryptographic validation of KeyCloak’S JWTs using their public JSON Web Key Set.