Published in


Keycloak Express Openid-client

Keycloak is deprecating their client adapters (keycloak-connect) for Node and recommending openid-client as a replacement.

Setup Keycloak

First I download keycloak extract it and you can run it with the following command.

bin/ start-dev

You can then login http://localhost:8080, first time you do keycloak asks you to set an admin user and password.

Create a Realm and give it an name and create it. I am using keycloak-express for my realm name

The create a Client using openid-connect in the Realm

Set the Valid Redirect URIs and select save.

NOTE:you can specify specific routes here but I am using a wild card(not recommend best practice)

Create a user its documented here so I won’t go into it.

That’s it for Keycloak setup

Setup Openid-client with Passport in Express

We are going to use this openid-client and passport to connect to keycloak. I install the following

npm install passport
npm install openid-client
npm install express-session
npm install express

From the Realm we need the openid-configuration can be got from an endpoint


So in my case the realm name is keycloak-express so the url will be http://localhost:8080/realms/keycloak-express/.well-known/openid-configuration the output is as follows

All we need is this issuer:"http://localhost:8080/realms/keycloak-express" url to connect openid-client to keycloak as follows

I then setup express sessions

Then setup passport to use open connect id strategy

Most of above is copied from the passport docs, I found this blog helpful in explaining serialize/deserialize.

Next I setup the authentication route this makes use of the the callback redirect_uris: from the keycloakIssuer.Client

I then setup a function to check if a route is authenticated

This can then be used on protected routes

Finally I set the logout route up this also uses a callback post_logout_redirect_uris from the keycloakIssuer.Client

And set the app to listen

Repo here with some extra code around views. Looks like this




Open Source Identity Solution for Applications, Services and APIs

Recommended from Medium

Handling “loading” states globally in @ngrx/store

Part 2: Easy Way To Create ReactJS Components

My first website design

Preload your images

How to resolve labels overlap in AmCharts 4

Persistent JavaScript storage with CSV

Setting Up a Redux Project With Create-React-App

Creating a Component Library

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Austin Cunningham

Austin Cunningham

Senior Software Engineer at Red Hat

More from Medium

Ackee Node.js Optimized GitLab CI Runners

Keycloak authentication in Electron application

Kakajs the simplest way to use Kafka with Node JS

Database with Prisma ORM, Docker and Postgres — NestJs with Passport #02