GitHub as Identity Provider in Keycloak

Abhishek koserwal
Published in Keycloak
3 min read, Jan 15, 2020

In this post, we will see how to configure GitHub as an identity provider in Keycloak. A similar process can be used to configure any other identity provider that Keycloak supports. Keycloak currently supports Google, Facebook, Twitter, GitHub, LinkedIn, Microsoft, Stack Overflow and others.

Let’s understand the identity flow first.

Figure 1: Identity flow
  • The user tries to access the resource (application).
  • If unauthenticated, the user is redirected to the identity broker, i.e. the Keycloak login page.
  • The user can authenticate with the Keycloak login or use the social login button, the GitHub login in this case.
  • The identity broker will exchange an authorization token with the identity provider, which will ask you to approve the permissions.
  • Once the user provides approval, the identity broker will create an authentication session for the user.
  • Now the user is allowed to access the requested resource.

Setup

We will see how to set up an identity provider in Keycloak and register an OAuth application in GitHub.

GitHub Configuration

Go to the developer settings (https://github.com/settings/developers).

Click on New OAuth App (name: keycloak-integration-app, or any name that suits your use case). You will see a client ID and client secret generated for your application.

Figure 2: Github: Oauth New App

Keycloak

Configuring GitHub as an identity provider: I have created a realm named keycloak-demo.

In the side nav menu, select Identity Provider and choose GitHub as the provider. Copy in the client ID and client secret that you generated in Figure 2.

Figure 3: keycloak (Github as an Identity provider)

Now you can copy the Redirect URI as shown in Figure 2, and update the Homepage URL and Authorization callback URL in the OAuth app configuration.

Figure 4: Github: OAuth app configuration

Homepage Url: (keycloak server url): https://127.0.0.1:8080/realms/keycloak-demo

Authorization callback url: https://127.0.0.1/auth/realm/keycloak-demo/github/endpoint

That’s all you need to register for an identity provider.
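A callback registered in GitHub that differs from the Redirect URI Keycloak displays (scheme, port or path) makes the GitHub login fail at the redirect step. The check below is an added example, not code from the original post: the function names are hypothetical, the path pattern `/realms/<realm>/broker/<alias>/endpoint` is the form Keycloak uses for brokered providers, and the base URL is an assumption taken from the test URL further down this page.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def expected_broker_redirect(base_url, realm, alias="github"):
    """Redirect URI Keycloak shows for an identity provider with this alias."""
    return f"{base_url.rstrip('/')}/realms/{realm}/broker/{alias}/endpoint"


def _port(parts):
    # An omitted port means the scheme default, so ":8080" vs. none is a mismatch.
    return parts.port or DEFAULT_PORTS.get(parts.scheme)


def callback_problems(registered, expected):
    """List every way the callback registered in GitHub differs from Keycloak's."""
    reg, exp = urlsplit(registered), urlsplit(expected)
    problems = []
    if reg.scheme != exp.scheme:
        problems.append(f"scheme {reg.scheme!r}, expected {exp.scheme!r}")
    if reg.hostname != exp.hostname:
        problems.append(f"host {reg.hostname!r}, expected {exp.hostname!r}")
    if _port(reg) != _port(exp):
        problems.append(f"port {_port(reg)}, expected {_port(exp)}")
    if reg.path.rstrip("/") != exp.path.rstrip("/"):
        problems.append(f"path {reg.path!r}, expected {exp.path!r}")
    if reg.query or reg.fragment:
        problems.append("unexpected query string or fragment")
    return problems


if __name__ == "__main__":
    # Assumed base URL: scheme, host, port and /auth prefix of the test URL on this page.
    expected = expected_broker_redirect("http://127.0.0.1:8080/auth", "keycloak-demo")
    # Callback value as written in the OAuth app configuration on this page.
    registered = "https://127.0.0.1/auth/realm/keycloak-demo/github/endpoint"
    print("expected:", expected)
    for problem in callback_problems(registered, expected):
        print("mismatch:", problem)
```

An empty list means the value registered in GitHub matches the Redirect URI field in Keycloak.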

For Quick Testing

Try to access the page: http://127.0.0.1:8080/auth/admin/keycloak-demo/console/

Figure 5: Identity Broker Login Screen

When you click on the Social login: Github

Figure 6: Identity Provider login

In the console, you can see that a session is created for the user.

In conclusion

Keycloak provides integration with all popular social logins and allows you to configure custom providers as well. It lets you manage all social integrations in a single dashboard.

If you like this post, give a Cheer!!!

Follow the Collection: Keycloak for learning more…

Happy Secure Coding ❤
