Keycloak

Enable secure Keycloak login and access control

MedusaJS Keycloak Authentication

Seamless Keycloak Identity and Access Management for MedusaJS

Features

  • Native Keycloak authentication integration
  • Multi-provider authentication support
  • Secure OAuth 2.0 / OpenID Connect implementation
  • Flexible configuration options
  • Role-based access control
  • Single Sign-On (SSO) capabilities

Authentication Architecture

graph TD
A[User] -->|Login Request| B[MedusaJS]
B -->|Redirect| C[Keycloak]
C -->|Authentication| D[Identity Verification]
D -->|Token| B
B -->|Access Granted| A

Installation

Install the package using npm:

npm install @vymalo/medusa-keycloak

Or using yarn:

yarn add @vymalo/medusa-keycloak

Configuration Example

modules: [
  {
    resolve: '@medusajs/medusa/auth',
    options: {
      providers: [
        // Keycloak Authentication Provider
        {
          resolve: `@vymalo/medusa-keycloak`,
          id: 'vymalo-keycloak',
          options: {
            // Keycloak Server Configuration
            url: process.env.KEYCLOAK_URL,
            realm: process.env.KEYCLOAK_REALM,
            clientId: process.env.KEYCLOAK_CLIENT_ID,
            clientSecret: process.env.KEYCLOAK_CLIENT_SECRET,
            // Optional Advanced Configuration
            scope: 'openid profile email', // default
            default_redirect_uri: process.env.KEYCLOAK_CALLBACK_URL,
          },
        },
      ],
    },
  },
],

Environment Variables

Required Configuration:

  • KEYCLOAK_URL: Keycloak server base URL
  • KEYCLOAK_REALM: Keycloak realm name
  • KEYCLOAK_CLIENT_ID: Application client ID
  • KEYCLOAK_CLIENT_SECRET: Client secret

Optional Configuration:

  • KEYCLOAK_SCOPE: Authentication scopes
  • KEYCLOAK_CALLBACK_URL: Custom callback URL

Security Considerations

  • Use environment variables for sensitive credentials
  • Implement proper scope restrictions
  • Rotate client secrets periodically
  • Configure appropriate token lifetimes

Advanced Integration Options

Authentication Flow Customization

  • Support multiple authentication providers
  • Fallback mechanisms
  • Role-based access control
  • Custom claim mapping

Token Management

  • Access token validation
  • Refresh token handling
  • Session management
  • Single sign-on (SSO) support

Supported Authentication Flows

  • Authorization Code Flow
  • Implicit Flow
  • Hybrid Flow
  • Client Credentials Flow
  • Direct Access Grants

Contributing

Contributions are welcome!

  • Improve authentication logic
  • Add new Keycloak configuration options
  • Enhance security features
  • Provide more robust error handling

Troubleshooting

  • Verify Keycloak server connectivity
  • Check client configuration
  • Validate environment variables
  • Review network and CORS settings
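
A preflight check for the variables listed under Environment Variables, covering the "Validate environment variables" step above. This is an added example, not code from @vymalo/medusa-keycloak: validateKeycloakEnv and checkUrl are hypothetical names, and the discovery path assumes KEYCLOAK_URL already includes any legacy /auth prefix.

```javascript
// Added example: preflight check for the Keycloak provider's environment.
// validateKeycloakEnv/checkUrl are hypothetical helpers, not the plugin's API.
const REQUIRED = ['KEYCLOAK_URL', 'KEYCLOAK_REALM', 'KEYCLOAK_CLIENT_ID', 'KEYCLOAK_CLIENT_SECRET'];
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Parse an absolute URL and require https unless it points at a local dev host.
function checkUrl(name, value, errors) {
  let parsed;
  try {
    parsed = new URL(value);
  } catch {
    errors.push(`${name} is not an absolute URL`);
    return null;
  }
  const local = LOCAL_HOSTS.has(parsed.hostname);
  if (parsed.protocol !== 'https:' && !(parsed.protocol === 'http:' && local)) {
    errors.push(`${name} must use https (plain http is accepted only for localhost)`);
  }
  return parsed;
}

function validateKeycloakEnv(env) {
  const errors = [];
  for (const name of REQUIRED) {
    if (!env[name] || !env[name].trim()) errors.push(`${name} is missing or empty`);
  }
  const base = env.KEYCLOAK_URL ? checkUrl('KEYCLOAK_URL', env.KEYCLOAK_URL, errors) : null;
  if (env.KEYCLOAK_CALLBACK_URL) checkUrl('KEYCLOAK_CALLBACK_URL', env.KEYCLOAK_CALLBACK_URL, errors);

  // OpenID Connect requests must carry the "openid" scope.
  const scopes = (env.KEYCLOAK_SCOPE || 'openid profile email').split(/\s+/).filter(Boolean);
  if (!scopes.includes('openid')) errors.push('KEYCLOAK_SCOPE must include "openid"');

  // Discovery document location; fetching it confirms that URL and realm are right.
  // Assumption: KEYCLOAK_URL already contains any legacy "/auth" path prefix.
  let discoveryUrl = null;
  if (base && env.KEYCLOAK_REALM) {
    const root = base.origin + base.pathname.replace(/\/+$/, '');
    const realm = encodeURIComponent(env.KEYCLOAK_REALM);
    discoveryUrl = `${root}/realms/${realm}/.well-known/openid-configuration`;
  }
  return { ok: errors.length === 0, errors, discoveryUrl };
}
```

Call validateKeycloakEnv(process.env) before the Medusa configuration is loaded and stop startup when ok is false; requesting discoveryUrl from the server host then covers the connectivity check.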

License

Check the license
