providers/keycloak
KeycloakProfile
Extends
Record<string,any>
Properties
acr
acr: string;at_hash
at_hash: string;aud
aud: string;auth_time
auth_time: number;azp
azp: string;email: string;email_verified
email_verified: boolean;exp
exp: number;family_name
family_name: string;given_name
given_name: string;iat
iat: number;iss
iss: string;jti
jti: string;name
name: string;picture
picture: string;preferred_username
preferred_username: string;session_state
session_state: string;sid
sid: string;sub
sub: string;typ
typ: string;user
user: any;default()
default<P>(options): OAuthConfig<P>Add Keycloak login to your page.
Setup
Callback URL
https://example.com/api/auth/callback/keycloak
Configuration
import { Auth } from "@auth/core"
import Keycloak from "@auth/core/providers/keycloak"
const request = new Request(origin)
const response = await Auth(request, {
providers: [
Keycloak({
clientId: KEYCLOAK_CLIENT_ID,
clientSecret: KEYCLOAK_CLIENT_SECRET,
issuer: KEYCLOAK_ISSUER,
}),
],
})Resources
Create an openid-connect client in Keycloak with “confidential” as the “Access Type”.
issuer should include the realm – e.g. https://my-keycloak-domain.com/realms/My_Realm
Notes
By default, Auth.js assumes that the Keycloak provider is based on the Open ID Connect specification.
The Keycloak provider comes with a default configuration. To override the defaults for your use case, check out customizing a built-in OAuth provider.
Disclaimer If you think you found a bug in the default configuration, you can open an issue.
Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec, we might not pursue a resolution. You can ask for more help in Discussions.
Type parameters
| Type parameter |
|---|
P extends KeycloakProfile |
Parameters
| Parameter | Type |
|---|---|
options | OAuthUserConfig<P> |
Returns
OAuthConfig<P>