Skip to content
Migrating from NextAuth.js v4? Read our migration guide.

providers/keycloak

Built-in Keycloak integration.

KeycloakProfile

Extends

Properties

acr

acr: string;

at_hash

at_hash: string;

aud

aud: string;

auth_time

auth_time: number;

azp

azp: string;

email

email: string;

email_verified

email_verified: boolean;

exp

exp: number;

family_name

family_name: string;

given_name

given_name: string;

iat

iat: number;

iss

iss: string;

jti

jti: string;

name

name: string;

picture

picture: string;

preferred_username

preferred_username: string;

session_state

session_state: string;

sid

sid: string;

sub

sub: string;

typ

typ: string;

user

user: any;

default()

default<P>(options): OAuthConfig<P>

Add Keycloak login to your page.

Setup

Callback URL

https://example.com/api/auth/callback/keycloak

Configuration

import { Auth } from "@auth/core"
import Keycloak from "@auth/core/providers/keycloak"
 
const request = new Request(origin)
const response = await Auth(request, {
  providers: [
    Keycloak({
      clientId: KEYCLOAK_CLIENT_ID,
      clientSecret: KEYCLOAK_CLIENT_SECRET,
      issuer: KEYCLOAK_ISSUER,
    }),
  ],
})

Resources

💡

Create an openid-connect client in Keycloak with “confidential” as the “Access Type”.

issuer should include the realm – e.g. https://my-keycloak-domain.com/realms/My_Realm

Notes

By default, Auth.js assumes that the Keycloak provider is based on the Open ID Connect specification.

💡

The Keycloak provider comes with a default configuration. To override the defaults for your use case, check out customizing a built-in OAuth provider.

Disclaimer If you think you found a bug in the default configuration, you can open an issue.

Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec, we might not pursue a resolution. You can ask for more help in Discussions.

Type parameters

Type parameter
P extends KeycloakProfile

Parameters

ParameterType
optionsOAuthUserConfig<P>

Returns

OAuthConfig<P>

Auth.js © Balázs Orbán and Team - 2025