GitHub as Identity Provider in Keycloak
In this post, we will see how to configure GitHub as an Identity Provider in Keycloak. A similar process can be used to configure any other identity provider supported by Keycloak. Currently, Keycloak supports Google, Facebook, Twitter, GitHub, LinkedIn, Microsoft, Stack Overflow, and others.
Let’s understand the Identity flow first.
- The user tries to access the resource (application).
- If unauthenticated, the user is redirected to the identity broker, i.e. the Keycloak login page.
- The user can authenticate with the Keycloak login or use the social login button, GitHub login in this case.
- The identity broker will exchange the authorization token from the identity provider, which will ask you to approve the permissions.
- Once the user provides approval, the identity broker creates an authentication session for the user.
- Now the user is allowed to access the requested resource.
Setup
We will see how to set up an identity provider in Keycloak and register an OAuth application in GitHub.
GitHub Configuration
Under developer settings (https://github.com/settings/developers):
Click on New OAuth App (name: keycloak-integration-app, or any name that suits your use case). You will see a client ID and client secret generated for your application.
Keycloak
Configuring GitHub as Identity Provider. I have created a realm named keycloak-demo.
In the side nav menu, select Identity Provider and select GitHub as the provider. Copy the client ID and client secret that you generated in Figure 2.
Now you can copy the Redirect URI as shown in Figure 2, and update the Homepage URL and Authorization callback URL in the OAuth app configuration.
Homepage URL (Keycloak server URL): https://127.0.0.1:8080/realms/keycloak-demo
Authorization callback URL: https://127.0.0.1/auth/realm/keycloak-demo/github/endpoint
That’s all you need to register for an identity provider.
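The callback registered in the GitHub OAuth app should be exactly the Redirect URI that Keycloak displays for the provider. The following check is an added example, not code from the original post; it compares the two strictly (stricter than GitHub's own matching rules). It assumes Keycloak's `/realms/{realm}/broker/{alias}/endpoint` layout, with an `/auth` prefix on older distributions; the function names and sample URLs are constructed.

```python
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def broker_redirect_uri(base_url, realm, alias, legacy_auth_prefix=False):
    """Redirect URI Keycloak shows for an identity provider (layout is an assumption)."""
    prefix = "/auth" if legacy_auth_prefix else ""
    return f"{base_url.rstrip('/')}{prefix}/realms/{realm}/broker/{alias}/endpoint"

def _parts(url):
    # Normalise a URL into the components that must agree on both sides.
    u = urlsplit(url)
    port = u.port or {"http": 80, "https": 443}.get(u.scheme)
    return {"scheme": u.scheme, "host": (u.hostname or "").lower(),
            "port": port, "path": u.path.rstrip("/")}

def check_callback(registered, expected):
    """Compare the callback registered in GitHub with Keycloak's Redirect URI.
    Returns a list of findings; an empty list means the two match."""
    reg, exp = _parts(registered), _parts(expected)
    findings = [f"{key}: registered {reg[key]!r}, Keycloak expects {exp[key]!r}"
                for key in ("scheme", "host", "port", "path") if reg[key] != exp[key]]
    u = urlsplit(registered)
    if u.query or u.fragment:
        findings.append("callback carries a query string or fragment")
    if reg["scheme"] != "https" and reg["host"] not in LOOPBACK:
        findings.append("non-loopback callback is not HTTPS")
    return findings

if __name__ == "__main__":
    # Realm and alias are the ones used in this post; the URLs below are constructed.
    expected = broker_redirect_uri("https://127.0.0.1:8080", "keycloak-demo", "github")
    samples = [
        expected,                                                  # exact copy
        "https://127.0.0.1/realms/keycloak-demo/github/endpoint",  # port and path differ
    ]
    for url in samples:
        print(url)
        for finding in check_callback(url, expected) or ["OK"]:
            print("   ", finding)
```
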
For Quick Testing
Try to access the page: http://127.0.0.1:8080/auth/admin/keycloak-demo/console/
When you click on the social login (GitHub), you can see in the console that a session is created for the user.
In conclusion
Keycloak provides integration with all popular social logins and allows you to configure custom providers as well. It lets you manage all social integrations in a single dashboard.
Happy Secure Coding ❤