Keycloak-based authentication for the Gryt voice chat platform.
Centralized identity management, SSO, and token-based auth.
This repository is open source for transparency — you are not expected to host this yourself.
Gryt uses a single auth service at auth.gryt.chat. All users authenticate through it regardless of which server they connect to. This ensures identities are consistent and verifiable across the entire network — if anyone could run their own auth service, they could impersonate any user.
- Server hosts — Your server validates tokens against auth.gryt.chat. No auth setup required.
- Users — Sign up once, your identity works on every Gryt server.
- Contributors — This repo is open so you can audit and contribute. The dev setup below is only needed for working on auth itself.
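
The pinning argument above, as an added example (not code from the Gryt repository): a verifier that takes its issuer and signing key from local configuration rejects a token signed by any other instance, even one that copies the issuer string and username. The realm placeholder, the helper names and the RS256 keys generated in the block are assumptions constructed for the illustration.

```javascript
// Added example: pinned-issuer check for an RS256 token, Node.js standard library only.
const crypto = require('crypto');

// Assumption: the realm segment is a placeholder; the page only names the host.
const PINNED_ISSUER = 'https://auth.gryt.chat/realms/REALM_PLACEHOLDER';
const b64u = (v) => Buffer.from(v).toString('base64url');

// Constructed helper standing in for an identity provider that signs a token.
function issueToken(privateKey, claims) {
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

// Verifier: key and issuer come from local configuration, never from the token.
function verifyToken(token, pinnedKey, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url'));
    claims = JSON.parse(Buffer.from(body, 'base64url'));
  } catch { return { ok: false, reason: 'malformed' }; }
  if (header.alg !== 'RS256') return { ok: false, reason: 'alg' };
  const valid = crypto.verify('sha256', Buffer.from(`${head}.${body}`),
    pinnedKey, Buffer.from(sig, 'base64url'));
  if (!valid) return { ok: false, reason: 'signature' };
  if (claims.iss !== PINNED_ISSUER) return { ok: false, reason: 'issuer' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, sub: claims.sub };
}

// Constructed keys: one for the central service, one for a separately run instance.
const central = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const soon = Math.floor(Date.now() / 1000) + 300;

function demo() {
  const genuine = issueToken(central.privateKey, { iss: PINNED_ISSUER, sub: 'alice', exp: soon });
  const lookalike = issueToken(other.privateKey, { iss: PINNED_ISSUER, sub: 'alice', exp: soon });
  const expired = issueToken(central.privateKey, { iss: PINNED_ISSUER, sub: 'alice', exp: soon - 600 });
  return [genuine, lookalike, expired].map((t) => verifyToken(t, central.publicKey));
}
```
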
| Component | Description |
|---|---|
| Keycloak | Identity provider with custom Gryt realm and themes |
| Identity | Certificate authority that binds Keycloak identities to client public keys (details) |
| HAProxy | Reverse proxy for production TLS termination |
| Bootstrap | Python scripts for automated Keycloak client configuration |
| Ops | Backup/restore tooling for the Postgres database |
Only needed if you're contributing to the auth service itself.
```bash
cp .env.example .env
./up.sh
```

Starts a local Keycloak instance via Docker Compose — completely separate from production.
See the architecture overview for how auth fits into the Gryt platform.
Please report bugs and request features in the main Gryt repository.