You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- If you don't already have a realm, you'll want to create one
885
+
- In the Clients section of your realm, create a new client
886
+
- Under the capability config, ensure you set `Client Authentication` to on to ensure you can create a private key
887
+
- Under the access settings, ensure you set the following values:
888
+
-**Valid redirect URIs**: `http://localhost:1337/api/connect/keycloak/callback` and `http://localhost:1337/api/connect/keycloak`
889
+
-**Allowed Web Origins**: `http://localhost:3000` and `http://localhost:1337`
890
+
- In the Client Scopes section, ensure you have the `email` and `profile` scopes set to default
891
+
- In the Client Scopes section, ensure you have the `openid` scope set to default, if you don't have this you will need to manually create it in the global Client Scopes
- Visit the User Permissions provider settings page <br/> [http://localhost:1337/admin/settings/users-permissions/providers](http://localhost:1337/admin/settings/users-permissions/providers)
896
+
- Click on the **Keycloak** provider
897
+
- Fill the information:
898
+
- Enable: `ON`
899
+
- Client ID: `<Your Keycloak Client ID>`
900
+
- Client Secret: `<Your Keycloak Client Secret>`
901
+
- Subdomain: `<Your Keycloak realm url>`, example is either `keycloak.example.com/realms/strapitest` or `keycloak.example.com/auth/realms/strapitest`**without the protocol before it**
902
+
- The redirect URL to your front-end app: `http://localhost:3000/connect/keycloak/redirect`
903
+
- (Optional) Set the JWKS URL if you have a custom JWKS URL, example is like `https://keycloak.example.com/auth/realms/strapitest/protocol/openid-connect/certs`
0 commit comments