Keycloak (>19.0.1)

Since IDP Kit implements the widely adopted OpenID Connect standard for identity provision, it can be integrated into Keycloak as a federated identity provider with little effort.

Assuming you already have a local Keycloak instance running, we continue with the configuration of our federated identity provider. If you need to set up Keycloak first, please have a look at the Keycloak documentation on how to get started.

Important: There are currently some issues with Keycloak versions >19.0.1. Please use Keycloak 18.0.2 or Keycloak 20 for a smooth experience.

Configuration

To start the configuration, we log in to the Keycloak administration console with our admin credentials and navigate to the realm for which we want to apply the configuration.

New external Identity Provider

1. In the admin console, under Configure, we select Identity providers and choose the OpenID Connect v1.0 option.

2. We fill out Alias and Display name. The alias becomes part of the redirect URI Keycloak generates for this provider, so note the value you choose here.

3. Add the Discovery endpoint, which will be in the form of:

{host}/api/oidc/.well-known/openid-configuration

We need to make sure IDP Kit is running and reachable from Keycloak, as Keycloak imports all the information it needs (issuer, authorization, token and JWKS endpoints) from that endpoint at this point.

4. Provide the Client ID and Client Secret we received during the client registration step. The secret is a credential: Keycloak uses it to authenticate to IDP Kit at the token endpoint, so treat it like any other service password.

Advanced Settings

After the identity provider has been created, expand the Advanced settings section and update Scopes and Prompt:

  1. Scopes = openid nft_token

  2. Prompt = None

By adding nft_token to the scopes, we make sure IDP Kit uses NFTs as the authentication method when the user logs in. Keycloak sends these scopes in the authorization request to IDP Kit; openid must stay in the list, otherwise the request is not an OpenID Connect request and no ID token is returned.

Check Redirect URI

Now that the identity provider is set up in Keycloak, we must make sure that the client we registered with IDP-Kit has the correct redirect URL. It must match the value shown under Redirect URI on the identity provider we just created exactly, including scheme, host, port, path and any trailing slash. A mismatch is the most common reason a login started from Keycloak fails, and redirect URIs only protect the authorization code when they are compared strictly, so do not rely on prefix or wildcard matching to paper over a difference.

Updating IDP-Kit client

If the redirect URL registered with our IDP-Kit client does not match, we need to change it.

To update an existing client, we use the clients register command provided under the OIDC scope of the CLI tool and add the -u flag to indicate that we want to change the client with the specified ID.

idpkit config --oidc clients register -n "myFrontend" -r "http://localhost:8082/realms/NFT/broker/nft/endpoint" -u "client_id"

The redirect URL follows Keycloak's broker endpoint pattern {keycloak-host}/realms/{realm}/broker/{alias}/endpoint; in this example the realm is NFT and the identity provider alias chosen in step 2 is nft. Replace "client_id" with the ID of the client registered earlier.

Parameter description

  • -n - Name of the client

  • -r - The redirect URL which should be used in the OIDC flow

  • -u - The ID of the client we would like to update
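Two of the steps above are easy to get subtly wrong: the discovery document Keycloak imports in step 3, and the exact redirect URI match described in this section. The following Python script is an added example, not code from the IDP Kit or Keycloak projects. It validates a discovery document the way a cautious operator would before pointing Keycloak at it (required endpoints present, issuer consistent with the discovery URL, nft_token advertised if the document lists scopes), and it compares the registered redirect URI with the broker endpoint Keycloak generates using strict string equality, naming the component that differs. The sample discovery document, the IDP Kit endpoint paths inside it, and the localhost hosts and ports are constructed assumptions.

```python
"""Pre-flight checks for brokering IDP Kit through Keycloak.

Added example, not code from IDP Kit or Keycloak. It covers two points of
the setup above: the discovery document Keycloak imports in step 3, and the
exact redirect URI match required for the IDP-Kit client.
"""
from urllib.parse import urlsplit

# Endpoints Keycloak needs when it imports an OIDC provider from discovery;
# jwks_uri is included so that ID token signatures can be validated.
REQUIRED_DISCOVERY_FIELDS = ("issuer", "authorization_endpoint",
                             "token_endpoint", "jwks_uri")


def discovery_url(host: str) -> str:
    """Discovery endpoint of IDP Kit, in the form used in step 3."""
    return host.rstrip("/") + "/api/oidc/.well-known/openid-configuration"


def check_discovery(document: dict, fetched_from: str) -> list:
    """Return the problems found in a discovery document (empty if usable)."""
    problems = []
    for field in REQUIRED_DISCOVERY_FIELDS:
        if not document.get(field):
            problems.append("missing " + field)
    issuer = document.get("issuer", "")
    # OpenID Connect Discovery locates the document at
    # <issuer>/.well-known/openid-configuration.  If that does not hold,
    # the iss claim in ID tokens will not be what Keycloak expects.
    if issuer and issuer.rstrip("/") + "/.well-known/openid-configuration" != fetched_from:
        problems.append("issuer %r does not match discovery URL %r" % (issuer, fetched_from))
    # scopes_supported is optional; if present, it should list nft_token,
    # which we configure as a scope in the Advanced settings.
    scopes = document.get("scopes_supported")
    if scopes is not None and "nft_token" not in scopes:
        problems.append("nft_token not in scopes_supported")
    return problems


def broker_redirect_uri(keycloak_base: str, realm: str, alias: str) -> str:
    """Redirect URI Keycloak generates for a brokered identity provider."""
    return "%s/realms/%s/broker/%s/endpoint" % (keycloak_base.rstrip("/"), realm, alias)


def redirect_uri_matches(registered: str, expected: str) -> bool:
    """Exact string comparison, on purpose.

    A redirect_uri differing only in scheme, port, path or a trailing slash is
    a different URI.  Normalising here would mirror the loose matching that
    lets an attacker receive an authorization code at a URI they control.
    """
    return registered == expected


def explain_mismatch(registered: str, expected: str) -> str:
    """Name the first URI component that differs, for a useful error message."""
    reg, exp = urlsplit(registered), urlsplit(expected)
    for part in ("scheme", "netloc", "path", "query", "fragment"):
        if getattr(reg, part) != getattr(exp, part):
            return "%s differs: %r vs %r" % (part, getattr(reg, part), getattr(exp, part))
    return ""


# Constructed sample of an IDP Kit discovery document; the host, port and
# endpoint paths are assumptions made for this example, not values from the page.
SAMPLE_DISCOVERY = {
    "issuer": "http://localhost:8080/api/oidc",
    "authorization_endpoint": "http://localhost:8080/api/oidc/authorize",
    "token_endpoint": "http://localhost:8080/api/oidc/token",
    "jwks_uri": "http://localhost:8080/api/oidc/jwks",
    "scopes_supported": ["openid", "nft_token"],
}

if __name__ == "__main__":
    print("discovery problems:",
          check_discovery(SAMPLE_DISCOVERY, discovery_url("http://localhost:8080")))
    expected = broker_redirect_uri("http://localhost:8082", "NFT", "nft")
    for registered in (expected, expected + "/", expected.replace("http:", "https:")):
        ok = redirect_uri_matches(registered, expected)
        print(registered, "OK" if ok else "MISMATCH (%s)" % explain_mismatch(registered, expected))
```

Run it against the real discovery document by fetching {host}/api/oidc/.well-known/openid-configuration and passing the parsed JSON to check_discovery; a non-empty list means Keycloak's import will be incomplete or the issuer will not line up with the ID tokens it later receives.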

After updating the client, we can now run the IDP-Kit and connect Keycloak to an application of our choice. We will be using Next.js and NextAuth.
