Skip to main content

providers/keycloak

Built-in Keycloak integration.

default()​

Add Keycloak login to your page.

Setup​

Callback URL​

https://example.com/api/auth/callback/keycloak

Configuration​

import Auth from "@auth/core";
import Keycloak from "@auth/core/providers/keycloak";

const request = new Request(origin);
const response = await Auth(request, {
providers: [
Keycloak({
clientId: KEYCLOAK_CLIENT_ID,
clientSecret: KEYCLOAK_CLIENT_SECRET,
issuer: KEYCLOAK_ISSUER,
}),
],
});

Resources​

tip

Create an openid-connect client in Keycloak with "confidential" as the "Access Type".

note

issuer should include the realm – e.g. https://my-keycloak-domain.com/realms/My_Realm

Notes​

By default, Auth.js assumes that the Keycloak provider is based on the Open ID Connect specification.

tip

The Keycloak provider comes with a default configuration. To override the defaults for your use case, check out customizing a built-in OAuth provider.

Disclaimer

If you think you found a bug in the default configuration, you can open an issue.

Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec, we might not pursue a resolution. You can ask for more help in Discussions.

default<P>(options: OAuthUserConfig<P>): OAuthConfig<P>

Type parameters​

  • P extends KeycloakProfile<P>

Parameters​

ParameterType
optionsOAuthUserConfig<P>

Returns​

OAuthConfig<P>