View Source Ueberauth.Strategy.Keycloak (ueberauth_keycloak_strategy v0.4.0)

Provides an Ueberauth strategy for authenticating with Keycloak.

setup

Setup

Create an application in Keycloak for you to use.

Register a new application at: your keycloak developer page and get the client_id and client_secret.

Include the provider in your configuration for Ueberauth

config :ueberauth, Ueberauth,
  providers: [
    keycloak: { Ueberauth.Strategy.Keycloak, [] }
  ]

Then include the configuration for keycloak.

config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,
  client_id: System.get_env("KEYCLOAK_CLIENT_ID"),
  client_secret: System.get_env("KEYCLOAK_CLIENT_SECRET")

If you haven't already, create a pipeline and setup routes for your callback handler

pipeline :auth do
  Ueberauth.plug "/auth"
end

scope "/auth" do
  pipe_through [:browser, :auth]

  get "/:provider/callback", AuthController, :callback
end

Create an endpoint for the callback where you will handle the Ueberauth.Auth struct

defmodule MyApp.AuthController do
  use MyApp.Web, :controller

  def callback_phase(%{ assigns: %{ ueberauth_failure: fails } } = conn, _params) do
    # do things with the failure
  end

  def callback_phase(%{ assigns: %{ ueberauth_auth: auth } } = conn, params) do
    # do things with the auth
  end
end

You can edit the behaviour of the Strategy by including some options when you register your provider.

To set the uid_field

config :ueberauth, Ueberauth,
  providers: [
    keycloak: { Ueberauth.Strategy.Keycloak, [uid_field: :email] }
  ]

Default is :id

To set the default 'scopes' (permissions):

config :ueberauth, Ueberauth,
  providers: [
    keycloak: { Ueberauth.Strategy.Keycloak, [default_scope: "api read_user read_registry", api_version: "v4"] }
  ]

Default is "api read_user read_registry"

Link to this section Summary

Functions

Includes the credentials from the Keycloak response.

Stores the raw information (including the token) obtained from the Keycloak callback.

Cleans up the private area of the connection used for passing the raw Keycloak response around during the callback.

Handles the initial redirect to the keycloak authentication page.

Fetches the fields to populate the info section of the Ueberauth.Auth struct.

Fetches the uid field from the Keycloak response. This defaults to the option uid_field which in-turn defaults to id

Link to this section Functions

Includes the credentials from the Keycloak response.

Stores the raw information (including the token) obtained from the Keycloak callback.

Cleans up the private area of the connection used for passing the raw Keycloak response around during the callback.

Handles the initial redirect to the keycloak authentication page.

To customize the scope (permissions) that are requested by keycloak include them as part of your url:

"/auth/keycloak?scope=api read_user read_registry"

The request will include the state parameter that was set by ueberauth (if available)

Fetches the fields to populate the info section of the Ueberauth.Auth struct.

Fetches the uid field from the Keycloak response. This defaults to the option uid_field which in-turn defaults to id