keycloak_flask_auth

Example code of auth using keycloak and python Flask (Authlib library)

Launch keycloak using docker-compose

docker compose up

Log in into Keycloak and edit the settings

Go to http://localhost:8080/admin/master/console/ and log in as the admin user:

user: admin
password: admin

You will be asked to modify your password.

Step 1: Create a new Realm with a user

For the sake of testing, assume that user email is verified

Set user credentials

Also for the sake of testing set a password (example: "test") which is not a temporary password

Testing the login

Going to the following URL http://localhost:8080/realms/CG/account

Will show a login window that will work for the new user with the newly created credentials:

Create a client

Back on the admin interface, create a client. A client is an application that can request authentication on behalf of a user. The application might be a web application or a backend API.

Client settings:

The client should have the following access settings:

Root URL: http://localhost/
Valid Redirect URIs: http://localhost:5000/auth
Valid Post Logout Redirect URIs: http://localhost/
Web Origins: http://localhost

And

Note that general client settings are accessible at this URL: http://localhost:8080/realms/CG/.well-known/openid-configuration

Install and launch the demo app

After creating a conda environment containing Python >=3.9, activate the environment.

Install the package:

pip install -r requirements.txt
pip install -e .

Configure client secret

From the KeyCloak admin console, obtain the Client Secret for your created client from the bottom of the Credentials tab, and set the demo app client secret KEYCLOAK_CLIENT_SECRET to this same value (in demo_app/config.py).

Launch the package

kcdemo

Login/logout test page

Will be available in a browser at the following URL: http://localhost:5000/

You can now try the user login with user email and password specified in the Keycloack settings ("clark.kent@mail.com", "test"):