Keycloak：修订间差异

2024年12月4日 (三) 13:59的版本

Install

docker run --name example-keycloak \
  -p 8081:8080 -d \
  -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
  -e KC_BOOTSTRAP_ADMIN_PASSWORD=<change it> \
  quay.io/keycloak/keycloak:26.0.7 start-dev \
  --hostname=https://oauth.example.com

Reversed proxy^[1]:

server {

    server_name oauth.example.com;

    location / {
        root   html;
        index  index.html index.htm;
        proxy_pass  http://localhost:8081;

	       proxy_redirect off;
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $remote_addr;
           proxy_set_header X-Forwarded-Proto $scheme;
           proxy_set_header X-Forwarded-Port 443;
    }
    ...
}

Configure

Create realm: my-org
Create users: whatever
Create client: my-app

Client ID: my-app
Valid redirect URIs: http://localhost:5173/auth/callback
Valid post logout redirect URIs : http://localhost:5173
Web origins: http://localhost:5173 (No slash at end!!!)
Client authentication: off (for public clients)
Authentication flow: Standard flow, Direct access grants

↑ https://medium.com/@asynchronouscal/keycloak-production-mode-with-docker-step-by-step-guide-b284927e72c0

[1] ttps://medium.com/@asynchronouscal/keycloak-production-mode-with-docker-step-by-step-guide-b284927e72c0

[1]