ContextQMD
Back to Lobehub

Configuring Keycloak Authentication for LobeHub

docs/self-hosting/auth/providers/keycloak.mdx

2.1.562.3 KB
Original Source

Configuring Keycloak Authentication

Keycloak is an open-source Identity and Access Management solution.

<Steps> ### Create Client in Keycloak
  1. Log in to your Keycloak Admin Console
  2. Select your realm (or create a new one)
  3. Go to Clients > Create client
  4. Configure the client:
    • Client type: OpenID Connect
    • Client ID: lobechat (or any name you prefer)
  5. Click Next
  6. Enable Client authentication (On)
  7. Click Next and then Save

Configure Redirect URI

In the client Settings tab:

  1. Add redirect URI under Valid redirect URIs

<Callout type={'info'}> Callback URL format:

- Local development: `http://localhost:3210/api/auth/callback/keycloak`
- Production: `https://your-domain.com/api/auth/callback/keycloak`
</Callout>

Get Client Secret

Go to the Credentials tab and copy the Client secret.

Get Issuer URL

The issuer URL format: https://your-keycloak-domain/realms/your-realm

For example: https://keycloak.example.com/realms/master

Configure Environment Variables

Environment VariableTypeDescription
AUTH_SECRETRequiredSession encryption key, generate with openssl rand -base64 32
AUTH_SSO_PROVIDERSRequiredSet to keycloak
AUTH_KEYCLOAK_IDRequiredClient ID
AUTH_KEYCLOAK_SECRETRequiredClient Secret
AUTH_KEYCLOAK_ISSUERRequiredhttps://your-keycloak-domain/realms/your-realm

<Callout type={'tip'}> Go to 📘 Environment Variables for detailed information. </Callout> </Steps>

<Callout type={'info'}> After successful deployment, users will be able to authenticate with Keycloak and use LobeHub. </Callout>