Keycloak provider for Users & Permissions
Using ngrok
Keycloak accepts the localhost URLs. The use of ngrok is not needed.
Keycloak configuration
- Visit your Keycloak admin dashboard
- If you don't already have a realm, you'll want to create one
- In the Clients section of your realm, create a new client
- Under the capability config, ensure you set Client Authentication to on to ensure you can create a private key
- Under the access settings, ensure you set the following values:
  - Valid redirect URIs: http://localhost:1337/api/connect/keycloak/callback and http://localhost:1337/api/connect/keycloak
  - Allowed Web Origins: http://localhost:3000 and http://localhost:1337
- In the Client Scopes section, ensure you have the email and profile scopes set to default
- In the Client Scopes section, ensure you have the openid scope set to default. If you don't have this scope, you will need to manually create it in the global Client Scopes
Strapi configuration
- Visit the User Permissions provider settings page http://localhost:1337/admin/settings/users-permissions/providers
- Click on the Keycloak provider
- Fill the information:
  - Enable: ON
  - Client ID: <Your Keycloak Client ID>
  - Client Secret: <Your Keycloak Client Secret>
  - Subdomain: <Your Keycloak realm url>, example is either keycloak.example.com/realms/strapitest or keycloak.example.com/auth/realms/strapitest without the protocol before it
  - The redirect URL to your front-end app: http://localhost:3000/connect/keycloak/redirect
  - (Optional) Set the JWKS URL if you have a custom JWKS URL, example is like https://keycloak.example.com/auth/realms/strapitest/protocol/openid-connect/certs
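
A preflight check for the Keycloak and Strapi values listed above, as an added example that is not part of Strapi or Keycloak. The function `checkKeycloakSetup` and its parameter names are hypothetical, and the derived JWKS URL assumes the realm is served over HTTPS at the path pattern shown in the optional JWKS setting.

```javascript
// Added example: checkKeycloakSetup and its parameters are hypothetical helpers,
// not Strapi or Keycloak APIs. Inputs are the values typed into both dashboards.
function checkKeycloakSetup({ strapiUrl, frontendUrl, subdomain, redirectUris, webOrigins }) {
  const problems = [];
  const scheme = /^[a-z][a-z0-9+.-]*:\/\//i;

  // The Subdomain field takes host + realm path, without the protocol.
  if (scheme.test(subdomain)) {
    problems.push('Subdomain must not include the protocol');
  }
  const realm = subdomain.replace(scheme, '').replace(/\/+$/, '');
  if (!/^[^/]+(\/auth)?\/realms\/[^/]+$/.test(realm)) {
    problems.push('Subdomain should look like host/realms/<realm> or host/auth/realms/<realm>');
  }

  // Both Strapi endpoints must be registered as exact redirect URIs.
  const base = strapiUrl.replace(/\/+$/, '');
  for (const path of ['/api/connect/keycloak/callback', '/api/connect/keycloak']) {
    if (!redirectUris.includes(base + path)) {
      problems.push(`Missing redirect URI: ${base}${path}`);
    }
  }
  // A wildcard entry widens where Keycloak will deliver authorization codes.
  for (const uri of redirectUris) {
    if (uri.includes('*')) problems.push(`Wildcard redirect URI: ${uri}`);
  }

  // Web origins are scheme://host[:port] for the front end and for Strapi.
  for (const url of [frontendUrl, strapiUrl]) {
    const origin = new URL(url).origin;
    if (!webOrigins.includes(origin)) problems.push(`Missing web origin: ${origin}`);
  }
  if (webOrigins.includes('*')) {
    problems.push('Web origins should be listed explicitly, not as *');
  }

  // Assumption: HTTPS, and the certs path shown in the optional JWKS setting.
  const jwksUrl = `https://${realm}/protocol/openid-connect/certs`;
  return { problems, jwksUrl };
}
```

An empty `problems` array means the values agree with the steps above; `jwksUrl` is only needed when the optional JWKS field is filled in.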