Overview
Keycloak
Enable secure Keycloak login and access control
MedusaJS Keycloak Authentication
Seamless Keycloak Identity and Access Management for MedusaJS
Features
- Native Keycloak authentication integration
- Multi-provider authentication support
- Secure OAuth 2.0 / OpenID Connect implementation
- Flexible configuration options
- Role-based access control
- Single Sign-On (SSO) capabilities
Authentication Architecture
```mermaid
graph TD
A[User] -->|Login Request| B[MedusaJS]
B -->|Redirect| C[Keycloak]
C -->|Authentication| D[Identity Verification]
D -->|Token| B
B -->|Access Granted| A
```
Installation
Install the package using npm:
```bash
npm install @vymalo/medusa-keycloak
```
Or using yarn:
```bash
yarn add @vymalo/medusa-keycloak
```
Configuration Example
```js
// Fragment of the Medusa configuration object: the `modules` entry
modules: [
  {
    resolve: '@medusajs/medusa/auth',
    options: {
      providers: [
        // Keycloak Authentication Provider
        {
          resolve: `@vymalo/medusa-keycloak`,
          id: 'vymalo-keycloak',
          options: {
            // Keycloak Server Configuration
            url: process.env.KEYCLOAK_URL,
            realm: process.env.KEYCLOAK_REALM,
            clientId: process.env.KEYCLOAK_CLIENT_ID,
            clientSecret: process.env.KEYCLOAK_CLIENT_SECRET,

            // Optional Advanced Configuration
            scope: 'openid profile email', // default
            default_redirect_uri: process.env.KEYCLOAK_CALLBACK_URL,
          },
        },
      ],
    },
  },
],
```
Environment Variables
Required Configuration:
- KEYCLOAK_URL: Keycloak server base URL
- KEYCLOAK_REALM: Keycloak realm name
- KEYCLOAK_CLIENT_ID: Application client ID
- KEYCLOAK_CLIENT_SECRET: Client secret
Optional Configuration:
- KEYCLOAK_SCOPE: Authentication scopes
- KEYCLOAK_CALLBACK_URL: Custom callback URL
Security Considerations
- Use environment variables for sensitive credentials
- Implement proper scope restrictions
- Rotate client secrets periodically
- Configure appropriate token lifetimes
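The environment variables and scope restriction listed above can be checked once at startup, before the auth module loads. This is an added example, not code from the plugin: `checkKeycloakEnv`, `discoveryUrl` and the scope allow-list are hypothetical, and the discovery path assumes a Keycloak server that serves realms under `/realms/` on the configured base URL.

```javascript
// Added example (not the plugin's code): fail-fast check of the Keycloak settings.
// checkKeycloakEnv, discoveryUrl and ALLOWED_SCOPES are hypothetical names.
const REQUIRED = ['KEYCLOAK_URL', 'KEYCLOAK_REALM', 'KEYCLOAK_CLIENT_ID', 'KEYCLOAK_CLIENT_SECRET'];
const ALLOWED_SCOPES = new Set(['openid', 'profile', 'email']); // assumption: the page's default scope

function isHttpsOrLocal(value) {
  let u;
  try { u = new URL(value); } catch { return false; } // relative or malformed URL
  const local = ['localhost', '127.0.0.1'].includes(u.hostname);
  return u.protocol === 'https:' || (u.protocol === 'http:' && local);
}

function checkKeycloakEnv(env) {
  const problems = [];
  for (const name of REQUIRED) {
    if (!env[name] || !env[name].trim()) problems.push(`${name} is not set`);
  }
  if (env.KEYCLOAK_URL && !isHttpsOrLocal(env.KEYCLOAK_URL)) {
    problems.push('KEYCLOAK_URL must be https (http only for localhost)');
  }
  if (env.KEYCLOAK_CALLBACK_URL && !isHttpsOrLocal(env.KEYCLOAK_CALLBACK_URL)) {
    problems.push('KEYCLOAK_CALLBACK_URL must be an absolute https URL (http only for localhost)');
  }
  // Scope restriction: require openid, reject anything outside the allow-list.
  const scopes = (env.KEYCLOAK_SCOPE || 'openid profile email').split(/\s+/).filter(Boolean);
  if (!scopes.includes('openid')) problems.push('scope must include openid for OpenID Connect');
  for (const s of scopes) {
    if (!ALLOWED_SCOPES.has(s)) problems.push(`scope "${s}" is outside the allow-list`);
  }
  return problems;
}

// Assumption: realms are served under <base>/realms/<realm>; the realm is percent-encoded
// so it cannot alter the path. Fetching this URL is a quick connectivity check.
function discoveryUrl(baseUrl, realm) {
  return `${baseUrl.replace(/\/+$/, '')}/realms/${encodeURIComponent(realm)}/.well-known/openid-configuration`;
}

// Constructed sample environment (not real values): missing secret, plain http, broad scope.
const sampleEnv = {
  KEYCLOAK_URL: 'http://sso.example.test',
  KEYCLOAK_REALM: 'shop',
  KEYCLOAK_CLIENT_ID: 'medusa',
  KEYCLOAK_SCOPE: 'profile offline_access',
};
console.log(checkKeycloakEnv(sampleEnv));
console.log(discoveryUrl(sampleEnv.KEYCLOAK_URL, sampleEnv.KEYCLOAK_REALM));
```

Calling `checkKeycloakEnv(process.env)` at the top of the Medusa configuration file and throwing when the returned list is non-empty stops a misconfigured instance from starting.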
Advanced Integration Options
Authentication Flow Customization
- Support multiple authentication providers
- Fallback mechanisms
- Role-based access control
- Custom claim mapping
Token Management
- Access token validation
- Refresh token handling
- Session management
- Single sign-on (SSO) support
Supported Authentication Flows
- Authorization Code Flow
- Implicit Flow
- Hybrid Flow
- Client Credentials Flow
- Direct Access Grants
Contributing
Contributions are welcome!
- Improve authentication logic
- Add new Keycloak configuration options
- Enhance security features
- Provide more robust error handling
Troubleshooting
- Verify Keycloak server connectivity
- Check client configuration
- Validate environment variables
- Review network and CORS settings