Halil Özkan

Aug 20, 2025 • World Congress 2025

Keymate – Modern Authorization for Developers

Authorization logic doesn't belong in your code. Learn how to externalize access control to your infrastructure with zero rewrites and no migrations.

#1about 2 minutes

The challenges of traditional in-code authorization logic

Hardcoded authorization checks quickly become unscalable and untestable, leading to a problem known as role explosion.

#2about 1 minute

Introducing Keymate for zero-rewrite authorization on Keycloak

Keymate extends Keycloak to provide fine-grained authorization without requiring application rewrites or data migration from existing identity providers.

#3about 1 minute

Externalizing authorization with service mesh and API gateways

Moving authorization logic out of the application code and into the infrastructure layer like a service mesh allows developers to focus on business logic.

#4about 1 minute

Using SDKs for optional fine-grained in-code control

For cases requiring more control, Keymate provides SDKs for Java, .NET, and JavaScript that support both REST and gRPC protocols.

#5about 1 minute

Leveraging an event-driven architecture for observability

Keymate is built on an event-driven model and uses OpenTelemetry to provide observability and enable parallel runs with existing systems for smooth migration.

Patronus Group
Berlin, Germany

Senior

Amazon Web Services (AWS)

Kotlin

+1

Apaleo
München, Germany

Remote

Senior

C#

Microservices

+1

MARKT-PILOT GmbH
Stuttgart, Germany

Remote

€75-90K

Senior

Java

TypeScript

+1

Crypto crime, EU regulation, and working while you sleep

01:15 MIN

Crypto crime, EU regulation, and working while you sleep

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

Building trust through honest developer advocacy

02:48 MIN

Building trust through honest developer advocacy

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

Improving the developer feedback loop with specialized tools

03:16 MIN

Improving the developer feedback loop with specialized tools

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

Selecting strategic partners and essential event tools

03:17 MIN

Selecting strategic partners and essential event tools

Cat Herding with Lions and Tigers - Christian Heilmann

Shifting from traditional CVs to skill-based talent management

05:17 MIN

Shifting from traditional CVs to skill-based talent management

From Data Keeper to Culture Shaper: The Evolution of HR Across Growth Stages

Making accessibility tooling actionable and encouraging

03:58 MIN

Making accessibility tooling actionable and encouraging

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

Preventing exposed API keys in AI-assisted development

03:45 MIN

Preventing exposed API keys in AI-assisted development

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Malware campaigns, cloud latency, and government IT theft

01:06 MIN

Malware campaigns, cloud latency, and government IT theft

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

Featured Partners

Un-complicate authorization maintenance

Un-complicate authorization maintenance

Alex Olivier

about 2 years ago • WeAreDevelopers LIVE

Delegating the chores of authenticating users to Keycloak

Delegating the chores of authenticating users to Keycloak

Alexander Schwartz

about 5 months ago • World Congress 2025

Keycloak case study: Making users happy with service level indicators and observability

Keycloak case study: Making users happy with service level indicators and observability

Alexander Schwartz

about 5 months ago • World Congress 2025

Decoupled Authorization using Policy as Code

Decoupled Authorization using Policy as Code

Anderson Dadario & Denys Vitali

about 5 years ago • WeAreDevelopers LIVE

Application Modernization Leveraging Gen-AI for Automated Code Transformation

Application Modernization Leveraging Gen-AI for Automated Code Transformation

Syed M Shaaf

about a year ago • WeAreDevelopers LIVE

Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue

Delay the AI Overlords: How OAuth and OpenFGA Can Keep Your AI Agents from Going Rogue

Deepu

about 5 months ago • World Congress 2025

Kalo: From Code Chaos to One-Click Polyglot Codegen

Kalo: From Code Chaos to One-Click Polyglot Codegen

Brennan Nunamaker

about 5 months ago • World Congress 2025

Get started with securing your cloud-native Java microservices applications

Get started with securing your cloud-native Java microservices applications

Thomas Südbröcker

about 5 years ago • WeAreDevelopers LIVE

Related Articles

View all articles

DC

Daniel Cranney

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

This week, we’re continuing our look-back on some of the best moments from the Weekly Developer Show from 2025. Here’s what some of our fantastic guests had to say… Sebastian Gingter cracked open the idea of “slopsquatting” and explained why we shou...

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

DC

Daniel Cranney

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

In this, the third and final part of our series looking back on the best bits from the Weekly Developer Show, we dig into some more classic moments from our guests for you to enjoy. Raphael De Lio reminds us that contributing to open source - and sh...

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

CH

Chris Heilmann

With AIs wide open - WeAreDevelopers at All Things Open 2025

Last week our VP of Developer Relations, Chris Heilmann, flew to Raleigh, North Carolina to present at All Things Open . An excellent event he had spoken at a few times in the past and this being the “Lucky 13” edition, he didn’t hesitate to come and...

With AIs wide open - WeAreDevelopers at All Things Open 2025

CH

Chris Heilmann

The Future of Open Source: A Deep Dive - Scott Chacon at WeAreDevelopers World Congress 2024

Scott gave us an exciting look into the future of open source in his talk at the WeAreDevelopers World Congress 2024! Discover how the community evolves, lessons from GitHub, and the challenges of today's open source landscape. Check out the video:He...

The Future of Open Source: A Deep Dive - Scott Chacon at WeAreDevelopers World Congress 2024

From learning to earning

Jobs that call for the skills explored in this talk.

Fullstack Software Engineer (f/m/d)

meshcloud GmbH

Remote

Intermediate

Senior

Java

TypeScript Software Engineer (m/w/d)

Confideck GmbH
Vienna, Austria

Remote

Intermediate

Senior

Node.js

MongoDB

TypeScript

Senior Software Engineer (Frontend)

awork GmbH
Hamburg, Germany

€75-90K

Senior

React

Angular

TypeScript

Keycloak & IAM Solutions Architekt

Westhouse Consulting GmbH
Frankfurt am Main, Germany

REST

Docker

Ansible

Grafana

Openshift

+4

Senior (Lead) Softwareentwickler IAM/Keycloak (all genders)

init AG
Köln, Germany

Senior

Java

Spring

Continuous Integration

Senior (Lead) Softwareentwickler IAM/Keycloak (all genders)

init AG
Mainz, Germany

Senior

Java

Spring

Continuous Integration

Senior (Lead) Softwareentwickler IAM/Keycloak (all genders)

init AG
Berlin, Germany

Senior

Java

Spring

Continuous Integration

Senior (Lead) Softwareentwickler IAM/Keycloak (all genders)

init AG
München, Germany

Senior

Java

Spring

Continuous Integration

Senior (Lead) Softwareentwickler IAM/Keycloak (all genders)

init AG
Hamburg, Germany

Senior

Java

Spring

Continuous Integration