In this tutorial we will learn how to create a Social Login with Keycloak using Google Identity Brokering
An Identity broker is responsible for creating a trust relationship with an external Identity provider in order to use its identities to access internal services exposed by service providers. The identity provider is usually based on a specific protocol that is used to authenticate and communicate authentication and authorization information to their users. It can be a social provider such as Facebook, Google or Twitter.
In this example, we will learn how to use Google as Identity Provider. Here are the steps required to get started with it:
Create a new Realm Definition
Login into Keycloak administration console and create a new Realm definition. For example, create the Realm Google-Auth
Create a Google Application
Next, move to Google APIs Portal: https://console.developers.google.com amd define a new API.
Now click on the Create Credentials button and choose OAuth Client ID
In the following window, select Web application as Application type and, in the Authorized Redirect URI, you have to specify your Keycloak URI, relative to your Realm, in our case http://localhost:8080/auth/realms/Google-Auth/broker/google/endpoint
In the end, when you save, the ClientID and Secret will be generated (Keet it safe!)
Create an Identity Provider in Keycloak
Now switch back to the Keycloak Administration console and click on Identity Providers. From there, in the combobox located in the top right corner, choose to Add Provider and as Social select "Google". Here you will have to insert the ClientID and Secret that was just generated:
Great. Now you need generating a Client application.
Create a Client Application
From the Administration console, add a new Client and specify the settings related to the Web context:
In our case, the application named googledemo.war will be available on localhost:8180, therefore set the Redirect URIs accordingly.
Great, install the realm via the JSON file or as a subsystem (See this tutorial for more info about it: Introduction to Keycloak )
Now, as you deploy your googledemo.war application you will be able to use the Google identity provider- just click on the Google+ button and login with your Google Account:
Great! We were able to secure a Web application using a Social identity provider. More examples are available on github at: https://github.com/keycloak/keycloak/tree/master/examples/demo-template