Keycloak is an open source identity and access management solution. It provides a single sign-on solution for web applications and services. This guide will show you how to configure WunderGraph to use Keycloak as an authentication provider.
Open your project's wundergraph.config.ts and scroll down to the authentication object. Inside the nested cookieBased object is a nested array object called providers. Inside this array, add an openIDConnect auth provider as shown below:
You can use queryParameters to pass additional parameters to the identity provider, for example the kc_idp_hint parameter, which tells Keycloak to preselect the identity provider.
In production you have to configure the cookie keys and the CSRF token secret to make sure your application is secure.
Once configured, you can use the WunderGraph client to authenticate users in your application.
The login function takes the provider id as the first argument and a redirectURL as the second argument. Calling the login function will initiate the authentication flow and redirect the user to the identity provider. After successful authentication, the user will be redirected back to the provided redirectURL or the default redirectURL configured at the provider.
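When the redirectURL comes from user-controlled input (for instance a ?next= query parameter), it should be validated before it is handed to login, otherwise the post-login redirect can be pointed at another site. The following is an added example, not code from the WunderGraph documentation; the provider id 'keycloak', the allowed origin, and the names safeRedirectURL and loginWithKeycloak are assumptions.

```javascript
// Added example. ALLOWED_ORIGINS, DEFAULT_REDIRECT, safeRedirectURL and
// loginWithKeycloak are hypothetical names; the URLs are constructed values.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);
const DEFAULT_REDIRECT = 'https://app.example.com/';

// Returns a normalised URL that is safe to pass as redirectURL, or the
// default when the candidate is missing, malformed or points elsewhere.
function safeRedirectURL(candidate) {
  if (typeof candidate !== 'string' || candidate === '') return DEFAULT_REDIRECT;
  let url;
  try {
    // Relative values such as "/dashboard" resolve against the default.
    // Parsing first means "//host", "/\host" and "user@host" forms are
    // judged by the origin the browser would actually navigate to.
    url = new URL(candidate, DEFAULT_REDIRECT);
  } catch {
    return DEFAULT_REDIRECT;
  }
  if (url.protocol !== 'https:') return DEFAULT_REDIRECT; // no javascript:, data:, http:
  if (url.username !== '' || url.password !== '') return DEFAULT_REDIRECT;
  if (!ALLOWED_ORIGINS.has(url.origin)) return DEFAULT_REDIRECT;
  return url.href;
}

// `login` is the client's login function described above:
// first argument provider id, second argument redirectURL.
function loginWithKeycloak(login, next) {
  return login('keycloak', safeRedirectURL(next)); // 'keycloak' is an assumed provider id
}
```

The function returns the parsed and normalised URL rather than the raw input, so the value that reaches login is the one that was checked.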
The logout method can be used to log out the current user. By default this will only remove the authentication cookie from the browser. If you want to log out the user from the identity provider as well, you can pass the
Customize with Hooks
You can customize the authentication flow by using hooks, for example to create a new user in your database after a successful authentication.