edoaurahman / keycloak-sso
Integrate Laravel with Keycloak
Installs: 86
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
pkg:composer/edoaurahman/keycloak-sso
Requires
- php: ^7.4 || ^8.0 || ^8.1
- guzzlehttp/guzzle: ^7.8.2
- illuminate/support: ^8.0 || ^9.0 || ^10.0 || ^11.0 || ^12.0
- laravel/socialite: ^5.18
- socialiteproviders/keycloak: ^5.3.0
- socialiteproviders/manager: ^4.1
This package is auto-updated.
Last update: 2025-10-16 00:41:36 UTC
README
This package provides integration between Laravel and Keycloak, enabling Single Sign-On (SSO) and a convenient way to handle Keycloak tokens.
Requirements
- PHP ^8.1
- Laravel ^8.0 || ^9.0 || ^10.0 || ^11.0 || ^12.0
Installation
- Require the package:

  ```bash
  composer require tekinfopg/sso-helper-laravel
  ```

- Publish and configure the package:

  ```bash
  php artisan vendor:publish --provider="Edoaurahman\\KeycloakSso\\KeycloakServiceProvider" --tag=keycloak-config
  ```

  or

  ```bash
  php artisan vendor:publish --tag=keycloak-config
  ```

  This will publish a config file at config/keycloak.php. Adjust the settings to match your Keycloak realm, tokens, etc.
- Add configuration to config/services.php:

  ```php
  'keycloak' => [
      'client_id' => env('KEYCLOAK_CLIENT_ID'),
      'client_secret' => env('KEYCLOAK_CLIENT_SECRET'),
      'redirect' => env('KEYCLOAK_REDIRECT_URI'),
      'base_url' => env('KEYCLOAK_BASE_URL'), // Specify your keycloak server URL here
      'realms' => env('KEYCLOAK_REALM') // Specify your keycloak realm
  ],
  ```
- Add provider event listener

  Laravel 11+

  In Laravel 11, the default EventServiceProvider provider was removed. Instead, add the listener using the listen method on the Event facade, in your AppServiceProvider boot method.

  Note: You do not need to add anything for the built-in socialite providers unless you override them with your own providers.

  ```php
  Event::listen(function (\SocialiteProviders\Manager\SocialiteWasCalled $event) {
      $event->extendSocialite('keycloak', \SocialiteProviders\Keycloak\Provider::class);
  });
  ```

  Laravel 10 or below

  Configure the package's listener to listen for SocialiteWasCalled events. Add the event to your listen[] array in app/Providers/EventServiceProvider.

  ```php
  protected $listen = [
      \SocialiteProviders\Manager\SocialiteWasCalled::class => [
          // ... other providers
          \SocialiteProviders\Keycloak\KeycloakExtendSocialite::class.'@handle',
      ],
  ];
  ```
- Set up the fields for storing tokens in your User model:

  ```php
  // in your database migration
  Schema::table('users', function (Blueprint $table) {
      // Keycloak tokens are JWTs and are normally longer than the 255 characters
      // a string column holds, so text columns are used here.
      $table->text('keycloak_token')->nullable();
      $table->text('keycloak_refresh_token')->nullable();
  });

  // in your User model
  protected $fillable = [
      // ...
      'keycloak_token',
      'keycloak_refresh_token',
  ];
  ```
Usage
KeycloakProviderService Interface
| Method | Description | Parameters | Return Type | 
|---|---|---|---|
| setBaseUrl($baseUrl) | Set the base Keycloak URL. | string $baseUrl | void | 
| setRealm($realm) | Set the Keycloak realm. | string $realm | void | 
| setTokenField($tokenField) | Set the custom token field. | string $tokenField | void | 
| setRefreshTokenField($refreshTokenField) | Set the custom refresh token field. | string $refreshTokenField | void | 
| refreshToken($refreshToken = null) | Refresh the Keycloak access token. | string $refreshToken (nullable) | string\|… |
| request($method, $url, $data = []) | Generic request to Keycloak API. | string $method, string $url, array $data | array |
| getClientList() | Get Keycloak client list. | N/A | array |
| getUserList() | Get Keycloak user list. | N/A | array |
| getUser($id) | Get a single user. | string\|int $id | |
| createUser($data) | Create a new Keycloak user. | array $data | array |
| updateUser($id, $data) | Update an existing user. | string\|int $id, array $data | |
| deleteUser($id) | Delete a user. | string\|int $id | |
| regenerateClientSecret($id) | Regenerate client’s secret. | string\|int $id | |
| getUserRoles($id) | Get roles assigned to a user. | string $id | array | 
| getRoles($clientUuid) | Get all roles by client or realm. | string $clientUuid | array | 
| getUsersWithRole($roleName) | Get all users with a given role. | string $roleName | array | 
| getUsersWithRoles($clientUuid) | Get all users and their roles for a client. | string $clientUuid | array | 
| createRole($clientUuid, $data) | Create a role for the realm or client. | string $clientUuid, array $data | array |
| resetUserPassword($userId, $newPassword) | Reset the password of a user by ID. | string $userId, string $newPassword | array |
| updateCurrentUserProfile($data) | Update the profile of the currently logged-in user. | array $data | array | 
| deleteAllCurrentUserSessions() | Delete all sessions except the current session for the logged-in user. | N/A | array | 
| deleteCurrentUserSessionById($sessionId) | Delete a session associated with the currently logged-in user by ID. | string $sessionId | array | 
| sendVerificationEmail($userId) | Send a verification email to a user to verify their email address. | string $userId | array | 
| sendResetPasswordEmail($userId) | Send a reset password email to a user to reset their password. | string $userId | array | 
| Other methods in progress | - | - | - |
Example
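```php
use Illuminate\Support\Facades\Route;
use Laravel\Socialite\Facades\Socialite;
// Also import KeycloakProviderServiceInterface from this package's namespace.

// Send the browser to the Keycloak login page.
Route::get('/login-keycloak', function () {
    return Socialite::driver('keycloak')->redirect();
});

// Keycloak redirects back here after authentication.
Route::get('/callback-keycloak', function () {
    $user = Socialite::driver('keycloak')->user();
    // Handle login logic...
});

// Returns the realm's user list; restrict this route to authorized users in a real application.
Route::get('/get-users-keycloak', function (KeycloakProviderServiceInterface $keycloak) {
    return $keycloak->getUserList();
});
```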
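One way to fill in the "Handle login logic..." placeholder of the callback route, as an added example that is not part of this package's README or code. It assumes the default App\Models\User model with name, email and password columns plus the two token columns from the installation step; matching accounts by e-mail and the 403 responses are choices made for this example.

```php
<?php
// routes/web.php (added example, not the package's own code)

use App\Models\User; // assumption: the default Laravel User model
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Str;
use Laravel\Socialite\Facades\Socialite;
use Laravel\Socialite\Two\InvalidStateException;

Route::get('/callback-keycloak', function (Request $request) {
    try {
        // Socialite compares the returned "state" with the value stored in the session.
        $kcUser = Socialite::driver('keycloak')->user();
    } catch (InvalidStateException $e) {
        // The response does not belong to a login started by this session.
        abort(403, 'Invalid OAuth state.');
    }

    // Raw userinfo claims from Keycloak; email_verified is a standard OIDC claim.
    $claims = $kcUser->getRaw();
    $email  = $kcUser->getEmail();

    // Accounts are matched by e-mail here, so refuse addresses Keycloak has not verified.
    if (!$email || empty($claims['email_verified'])) {
        abort(403, 'A verified e-mail address is required.');
    }

    $user = User::firstOrNew(['email' => $email]);
    if (!$user->exists) {
        $user->name = $kcUser->getName() ?? $email;
        // Local password login is not used; store an unguessable value.
        $user->password = Hash::make(Str::random(64));
    }

    // Token columns from the installation step.
    $user->keycloak_token         = $kcUser->token;
    $user->keycloak_refresh_token = $kcUser->refreshToken;
    $user->save();

    Auth::login($user);
    $request->session()->regenerate(); // issue a new session ID after authentication

    return redirect()->intended('/');
});
```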
Env
```
KEYCLOAK_CLIENT_ID=client
KEYCLOAK_CLIENT_SECRET=secret_value
KEYCLOAK_CLIENT_UUID=uuid_value
KEYCLOAK_REDIRECT_URI=redirect_uri_value
KEYCLOAK_BASE_URL=https://example.com/
KEYCLOAK_REALM=example_realm
KEYCLOAK_API_URL=https://api.example.com/
```
Contributing
Contributions are welcome! Feel free to submit a pull request or open an issue.
License
This package is open-sourced software licensed under the MIT license.