OAuth integration for Keycloak. Refer to the Keycloak documentation for how to obtain the required credentials. The provider id is `keycloak`.
import { keycloak } from "@lucia-auth/oauth/providers";
import { auth } from "./lucia.js";
// `config` is not defined in this snippet; it is the object described under
// Parameters below (domain, realm, clientId, clientSecret, optional scope and
// redirectUri). clientSecret is a credential: supply it from server-side
// configuration rather than hard-coding it in source.
const keycloakAuth = keycloak(auth, config);
keycloak()#
/**
 * Creates the Keycloak OAuth provider for a Lucia instance.
 *
 * NOTE(review): the return type is written as KeycloakProvider here, while the
 * interface documented on this page is named KeycloakAuth — confirm which name
 * the package exports.
 */
const keycloak: (
	// Lucia instance the provider is bound to.
	auth: Auth,
	config: {
		// Presumably the Keycloak host name; the parameter table's example is 'my.domain.com'.
		domain: string;
		// Keycloak realm the client belongs to.
		realm: string;
		// Client id of the Keycloak OAuth client.
		clientId: string;
		// Client secret of the Keycloak OAuth client. Treat it as a credential:
		// keep it out of source control and out of anything shipped to the browser.
		clientSecret: string;
		// Optional list of scopes to request; ask only for what the application needs.
		scope?: string[];
		// Optional redirect URI; the parameter table describes it as an authorized redirect URI.
		redirectUri?: string;
	}
) => KeycloakProvider;
Parameters#
| name | type | description | optional | 
|---|
auth | Auth | Lucia instance |  | 
config.domain | string | Keycloak server domain (e.g. ‘my.domain.com’) |  | 
config.realm | string | Keycloak Realm of client |  | 
config.clientId | string | Keycloak OAuth app client id |  | 
config.clientSecret | string | Keycloak OAuth app client secret |  | 
config.scope | string[] | an array of scopes | ✓ | 
config.redirectUri | string | an authorized redirect URI | ✓ | 
 
Returns#
Interfaces#
KeycloakAuth#
See OAuth2ProviderAuth.
// implements OAuth2ProviderAuth<KeycloakAuth<_Auth>>
/**
 * Provider handle exposing the two steps of the OAuth flow: building the
 * authorization URL and validating the callback.
 */
interface KeycloakAuth<_Auth extends Auth> {
	// Resolves to the authorization URL together with a `state` string.
	// Store `state` server-side or in an HttpOnly cookie so the callback can be
	// matched to the request that started the flow (CSRF protection).
	getAuthorizationUrl: () => Promise<readonly [url: URL, state: string]>;
	// Takes the `code` from the callback and resolves to a KeycloakUserAuth.
	// The signature accepts only `code`, so comparing the callback's `state`
	// with the stored value is left to the caller and should happen before this call.
	validateCallback: (code: string) => Promise<KeycloakUserAuth<_Auth>>;
}
Generics#
| name | extends | default | 
|---|
_Auth | Auth | Auth | 
 
KeycloakTokens#
/**
 * Tokens exposed as `keycloakTokens` on KeycloakUserAuth.
 * Access and refresh tokens are bearer credentials: keep them server-side and
 * out of logs and error messages.
 */
type KeycloakTokens = {
	accessToken: string;
	// presumably the lifetime of the access token in seconds — TODO confirm unit
	accessTokenExpiresIn: number;
	// authTime / issuedAtTime / expirationTime presumably mirror the auth_time,
	// iat and exp claims — confirm against the provider source
	authTime: number;
	issuedAtTime: number;
	expirationTime: number;
	// both refresh fields may be null, so callers have to handle the absence of a refresh token
	refreshToken: string | null;
	refreshTokenExpiresIn: number | null;
};
KeycloakUser#
/**
 * Keycloak user data exposed as `keycloakUser` on KeycloakUserAuth.
 * The field names match OpenID Connect token claims (exp, iat, iss, aud, sub, azp, at_hash, ...).
 */
type KeycloakUser = {
	exp: number;
	iat: number;
	auth_time: number;
	jti: string;
	iss: string;
	aud: string;
	// Subject identifier; a more stable account key than email or preferred_username.
	sub: string;
	typ: string;
	azp: string;
	session_state: string;
	at_hash: string;
	acr: string;
	sid: string;
	// Check this flag before treating `email` as proof of ownership,
	// for example when linking to an existing account by email address.
	email_verified: boolean;
	name: string;
	preferred_username: string;
	given_name: string;
	locale: string;
	family_name: string;
	email: string;
	picture: string;
	// Typed as `any`, so the compiler checks nothing here: narrow and validate
	// the value before use rather than trusting its shape.
	user: any;
};
KeycloakRole#
// NOTE(review): this line redeclares KeycloakUser, which the page already defines
// above as an object type, and PublicKeycloakUser / PrivateKeycloakUser are not
// defined anywhere on the page. It looks like a leftover from another provider's
// documentation — confirm against the package source.
type KeycloakUser = PublicKeycloakUser | PrivateKeycloakUser;
/**
 * One role entry of the authenticated Keycloak user.
 * NOTE(review): the page does not say how roles are obtained. Before using them
 * for authorization decisions, confirm they come from a token whose signature
 * and issuer were verified.
 */
type KeycloakRole = {
	// presumably "realm" for a realm-level role and "resource" for a client role — confirm
	role_type: "realm" | "resource";
	client: null | string; // null if realm_access
	role: string;
};
KeycloakUserAuth#
Extends ProviderUserAuth.
/**
 * Value that KeycloakAuth.validateCallback resolves to: the Keycloak user, the
 * tokens and the user's roles, on top of what ProviderUserAuth provides.
 */
interface KeycloakUserAuth<_Auth extends Auth> extends ProviderUserAuth<_Auth> {
	keycloakUser: KeycloakUser;
	// Holds bearer tokens; avoid serialising this object to the client or to logs.
	keycloakTokens: KeycloakTokens;
	// NOTE(review): KeycloakRoles is not declared on this page (only KeycloakRole is);
	// presumably KeycloakRole[] — confirm against the package source.
	keycloakRoles: KeycloakRoles;
}
Generics#