composer require socialiteproviders/keycloak
Please see the Base Installation Guide, then follow the provider specific instructions below.
'keycloak' => [
'client_id' => env('KEYCLOAK_CLIENT_ID'),
'client_secret' => env('KEYCLOAK_CLIENT_SECRET'),
'redirect' => env('KEYCLOAK_REDIRECT_URI'),
'base_url' => env('KEYCLOAK_BASE_URL'), // Specify your keycloak server URL here
'realms' => env('KEYCLOAK_REALM') // Specify your keycloak realm
],
In Laravel 11, the default EventServiceProvider
provider was removed. Instead, add the listener using the listen
method on the Event
facade, in your AppServiceProvider
boot
method.
- Note: You do not need to add anything for the built-in socialite providers unless you override them with your own providers.
Event::listen(function (\SocialiteProviders\Manager\SocialiteWasCalled $event) {
$event->extendSocialite('keycloak', \SocialiteProviders\Keycloak\Provider::class);
});
Laravel 10 or below
Configure the package's listener to listen for `SocialiteWasCalled` events.Add the event to your listen[]
array in app/Providers/EventServiceProvider
. See the Base Installation Guide for detailed instructions.
protected $listen = [
\SocialiteProviders\Manager\SocialiteWasCalled::class => [
// ... other providers
\SocialiteProviders\Keycloak\KeycloakExtendSocialite::class.'@handle',
],
];
You should now be able to use the provider like you would regularly use Socialite (assuming you have the facade installed):
return Socialite::driver('keycloak')->redirect();
To logout of your app and Keycloak:
public function logout() {
// Logout of your app.
Auth::logout();
// The user will not be redirected back.
return redirect(Socialite::driver('keycloak')->getLogoutUrl());
// The URL the user is redirected to after logout.
$redirectUri = Config::get('app.url');
// Keycloak v18+ does support a post_logout_redirect_uri in combination with a
// client_id or an id_token_hint parameter or both of them.
// NOTE: You will need to set valid post logout redirect URI in Keycloak.
return redirect(Socialite::driver('keycloak')->getLogoutUrl($redirectUri, env('KEYCLOAK_CLIENT_ID')));
return redirect(Socialite::driver('keycloak')->getLogoutUrl($redirectUri, null, 'YOUR_ID_TOKEN_HINT'));
return redirect(Socialite::driver('keycloak')->getLogoutUrl($redirectUri, env('KEYCLOAK_CLIENT_ID'), 'YOUR_ID_TOKEN_HINT'));
// You may add additional allowed parameters as listed in
// https://openid.net/specs/openid-connect-rpinitiated-1_0.html
return redirect(Socialite::driver('keycloak')->getLogoutUrl($redirectUri, CLIENT_ID, null, ['state' => '...'], ['ui_locales' => 'de-DE']));
// Keycloak before v18 does support a redirect URL
// to redirect back to Keycloak.
return redirect(Socialite::driver('keycloak')->getLogoutUrl($redirectUri));
}
Keycloak below v3.2 requires no scopes to be set. Later versions require the openid
scope for all requests.
return Socialite::driver('keycloak')->scopes([])->redirect();
See the upgrade guide.