Implementation_Doubts

Do you need to call the authorization server for each request

• Do you need to call the authorization server for each request, to validate the token?
• Or we cache some private keys in the beginning and then we do not need to call the server and tokens can be validated offline? ref: https://stackoverflow.com/a/77845792/7801965
• I think IDENTITY-CONTEXT is introduced to avoid calling authorization server again and again

What is keycloak?

What is Authorization as a service?

Example Google OAuth2??