Google Social Login with Keycloak

In this tutorial we will learn how to create a Social Login with Keycloak using Google Identity Brokering.

An Identity broker is responsible for creating a trust relationship with an external Identity provider in order to use its identities to access internal services exposed by service providers. The identity provider is usually based on a specific protocol that is used to authenticate and communicate authentication and authorization information to their users. It can be a social provider such as Facebook, Google or Twitter.

In this example, we will learn how to use Google as Identity Provider. Here are the steps required to get started with it:

Create a new Realm Definition

Log in to the Keycloak administration console and create a new Realm definition. For example, create the Realm Google-Auth.

Create a Google Application

Next, move to the Google APIs Portal and define a new API.

Now click on the Create Credentials button and choose OAuth Client ID.

In the following window, select Web application as Application type and, in the Authorized Redirect URI, you have to specify your Keycloak URI, relative to your Realm, in our case http://localhost:8080/auth/realms/Google-Auth/broker/google/endpoint

In the end, when you save, the ClientID and Secret will be generated (keep them safe!).

Create an Identity Provider in Keycloak

Now switch back to the Keycloak Administration console and click on Identity Providers. From there, in the combobox located in the top right corner, choose Add Provider and, under Social, select “Google”. Here you will have to insert the ClientID and Secret that were just generated.

Great. Now you need to create a Client application.

Create a Client Application

From the Administration console, add a new Client and specify the settings related to the Web context:

In our case, the application named googledemo.war will be available on localhost:8180, therefore set the Redirect URIs accordingly.

Great. Now install the realm via the JSON file or as a subsystem (see this tutorial for more info about it: Introduction to Keycloak).
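
The realm, identity provider and client settings from the steps above, written out as a realm import document with a check on the client Redirect URIs. This is an added example, not code from the original tutorial. The client ID `googledemo`, the `/googledemo` context root, the public-client setting and the environment variable names are assumptions.

```python
import json
import os
from urllib.parse import urlsplit

KEYCLOAK_BASE = "http://localhost:8080/auth"    # from the tutorial
REALM = "Google-Auth"                           # from the tutorial
APP_BASE = "http://localhost:8180/googledemo"   # assumption: context root of googledemo.war

def broker_redirect_uri(base, realm, alias="google"):
    """Exact URI to register at Google as the Authorized Redirect URI."""
    return f"{base}/realms/{realm}/broker/{alias}/endpoint"

def redirect_uri_problems(uris):
    """Return findings for client Redirect URIs that match more than the app."""
    findings = []
    for uri in uris:
        parts = urlsplit(uri)
        if uri.strip() in ("*", "/*") or not parts.netloc:
            findings.append(f"{uri}: no fixed scheme and host")
        elif "*" in parts.netloc:
            findings.append(f"{uri}: wildcard in host")
        elif parts.path in ("", "/", "/*"):
            findings.append(f"{uri}: matches every path on the host")
    return findings

def build_realm(google_client_id, google_client_secret):
    """Realm import document: Google identity provider plus the web client."""
    return {
        "realm": REALM,
        "enabled": True,
        "identityProviders": [{
            "alias": "google",
            "providerId": "google",
            "enabled": True,
            "config": {"clientId": google_client_id,
                       "clientSecret": google_client_secret},
        }],
        "clients": [{
            "clientId": "googledemo",      # assumption: client name
            "enabled": True,
            "publicClient": True,          # assumption: browser-facing client
            "redirectUris": [f"{APP_BASE}/*"],
        }],
    }

if __name__ == "__main__":
    # The Google secret is read from the environment, not stored in the script.
    realm = build_realm(os.environ.get("GOOGLE_CLIENT_ID", "REPLACE_ME"),
                        os.environ.get("GOOGLE_CLIENT_SECRET", "REPLACE_ME"))
    print("Register at Google:", broker_redirect_uri(KEYCLOAK_BASE, REALM))
    print("Redirect URI findings:", redirect_uri_problems(realm["clients"][0]["redirectUris"]))
    print(json.dumps(realm, indent=2))
```

The generated JSON contains the Google client secret, so store the file with the same care as the secret itself.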

Let’s roll!

Now, as you deploy your googledemo.war application, you will be able to use the Google identity provider: just click on the Google+ button and log in with your Google Account.

Great! We were able to secure a Web application using a Social identity provider. More examples are available on GitHub at: