add Keycloak provider

nextauthjs · Aug 18, 2021 · ffbec8e · ffbec8e
1 parent e06ced5
commit ffbec8e
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 0 deletions.
diff --git a/app/.env.local.example b/app/.env.local.example
@@ -13,6 +13,10 @@ AUTH0_ID=
 AUTH0_SECRET=
 AUTH0_ISSUER=
 
+KEYCLOAK_ID=
+KEYCLOAK_SECRET=
+KEYCLOAK_ISSUER=
+
 IDS4_ID=
 IDS4_SECRET=
 IDS4_ISSUER=

diff --git a/app/pages/api/auth/[...nextauth].ts b/app/pages/api/auth/[...nextauth].ts
@@ -2,6 +2,7 @@ import NextAuth from "next-auth"
 import EmailProvider from "next-auth/providers/email"
 import GitHubProvider from "next-auth/providers/github"
 import Auth0Provider from "next-auth/providers/auth0"
+import KeycloakProvider from "next-auth/providers/keycloak"
 import TwitterProvider from "next-auth/providers/twitter"
 import CredentialsProvider from "next-auth/providers/credentials"
 import IDS4Provider from "next-auth/providers/identity-server4"
@@ -77,6 +78,11 @@ export default NextAuth({
       clientSecret: process.env.AUTH0_SECRET,
       issuer: process.env.AUTH0_ISSUER,
     }),
+    KeycloakProvider({
+      clientId: process.env.KEYCLOAK_ID,
+      clientSecret: process.env.KEYCLOAK_SECRET,
+      issuer: process.env.KEYCLOAK_ISSUER,
+    }),
     Twitch({
       clientId: process.env.TWITCH_ID,
       clientSecret: process.env.TWITCH_SECRET,

diff --git a/src/providers/keycloak.js b/src/providers/keycloak.js
@@ -0,0 +1,20 @@
+/** @type {import("types/providers").OAuthProvider} */
+export default function Keycloak(options) {
+  return {
+    id: "keycloak",
+    name: "Keycloak",
+    wellKnown: `${options.issuer}/.well-known/openid-configuration`,
+    type: "oauth",
+    authorization: { params: { scope: "openid email profile" } },
+    checks: ["pkce", "state"],
+    idToken: true,
+    profile(profile) {
+      return {
+        id: profile.sub,
+        name: profile.name,
+        email: profile.email,
+      }
+    },
+    options,
+  }
+}
diff --git a/www/docs/providers/keycloak.md b/www/docs/providers/keycloak.md
@@ -0,0 +1,41 @@
+---
+id: keycloak
+title: Keycloak
+---
+
+## Documentation
+
+https://www.keycloak.org/docs/latest/server_admin/#_oidc_clients
+
+## Configuration
+
+:::tip
+Create an openid-connect client in Keycloak with "confidential" as the "Access Type".
+:::
+
+## Options
+
+The **Keycloak Provider** comes with a set of default options:
+
+- [Keycloak Provider options](https://github.com/nextauthjs/next-auth/blob/main/src/providers/keycloak.js)
+
+You can override any of the options to suit your own use case.
+
+## Example
+
+```js
+import Providers from `next-auth/providers`
+...
+providers: [
+  Providers.Keycloak({
+    clientId: process.env.KEYCLOAK_ID,
+    clientSecret: process.env.KEYCLOAK_SECRET,
+    issuer: process.env.KEYCLOAK_ISSUER,
+  })
+]
+...
+```
+
+:::note
+`issuer` should include the realm – e.g. `https://my-keycloak-domain.com/auth/realms/My_Realm`
+:::