PHPackages berthott/laravel-keycloak-users - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. berthott/laravel-keycloak-users ActiveLibrary[Authentication & Authorization](/categories/authentication) berthott/laravel-keycloak-users =============================== Laravel user administration in Keycloak 3.0.3(2y ago)41.2kMITPHP Since Sep 9Pushed 3mo ago3 watchersCompare [ Source](https://github.com/berthott/laravel-keycloak-users)[ Packagist](https://packagist.org/packages/berthott/laravel-keycloak-users)[ RSS](/packages/berthott-laravel-keycloak-users/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (6)Versions (19)Used By (0) [![test workflow](https://github.com/berthott/laravel-keycloak-users/actions/workflows/test.yml/badge.svg)](https://github.com/berthott/laravel-keycloak-users/actions/workflows/test.yml/badge.svg) Laravel-Keycloak-Users ====================== [](#laravel-keycloak-users) Laravel user administration in Keycloak. Keycloak user administration utilizing [haizad/laravel-keycloak-admin](https://github.com/haizad/laravel-keycloak-admin) for Keycloak API communication. Working hand in hand with [robsontenorio/laravel-keycloak-guard](https://github.com/robsontenorio/laravel-keycloak-guard) and / or [Vizir/laravel-keycloak-web-guard](https://github.com/Vizir/laravel-keycloak-web-guard) for Keycloak authorization. Creates a user representation on Laravel side and hooks into the model events to create the users in keycloak. Optionally syncs the current Keycloak state into Laravel. Keycloak as a guard for your Laravel application ------------------------------------------------ [](#keycloak-as-a-guard-for-your-laravel-application) You will most likely want to set up Keycloak as a `web` or `api` guard for you application. You might set up [robsontenorio/laravel-keycloak-guard](https://github.com/robsontenorio/laravel-keycloak-guard) as an `api` guard and [Vizir/laravel-keycloak-web-guard](https://github.com/Vizir/laravel-keycloak-web-guard) as an `web`guard. An example set up might be: Installation: ``` composer require robsontenorio/laravel-keycloak-guard composer require vizir/laravel-keycloak-web-guard ``` Your `.env` file: ``` # web + api KEYCLOAK_BASE_URL= # web KEYCLOAK_REALM= KEYCLOAK_REALM_PUBLIC_KEY= KEYCLOAK_CLIENT_ID= # your web client id KEYCLOAK_CLIENT_SECRET= # api KEYCLOAK_ALLOWED_RESOURCES= ``` Your `auth.php` config: ``` 'defaults' => [ 'guard' => 'web', 'passwords' => 'users', ], 'guards' => [ 'web' => [ 'driver' => 'keycloak-web', 'provider' => 'users', ], 'api' => [ 'driver' => 'keycloak', 'provider' => 'users', 'hash' => false, ], ], ``` The `KEYCLOAK_CLIENT_ID` will be a Keycloak OpenID Connect client allowing `Standard flow` and `Direct access grants` and `Client authentification + Authorization` turned **OFF**. This means there will be no `KEYCLOAK_CLIENT_SECRET` set. This is our `web` client. And additional Keycloak OpenID Connect client allowing `Standard flow` and `Direct access grants` and `Client authentification + Authorization` turned **ON** needs to be set up as our `api` client. The `KEYCLOAK_ALLOWED_RESOURCES` is a string that will be verified by the `api` guard to be present inside the JWT token, that the Frontend received from the `web` client. Installation ------------ [](#installation) ### In Laravel [](#in-laravel) ``` $ composer require berthott/laravel-keycloak-users $ php artisan migrate ``` Additionaly to the guard environment variables set: ``` KEYCLOAK_ADMIN_CLIENT_ID= # your api client id KEYCLOAK_ADMIN_CLIENT_SECRET= # your api client secret ``` ### In Keycloak [](#in-keycloak) Setup a client, with `Access Type: confidential` and `Service Accounts Enabled: true`. Set `Realm Settings > Login > Edit Username: true`. Add `manage-users, query-users, view-users` to `Roles > Default Roles > realm-management`. Add the value chosen for the `api` guards `KEYCLOAK_ALLOWED_RESOURCES` to `Clients > (your Web Client) > Mappers` as Hardcoded Role. Usage ----- [](#usage) The package is loaded into Laravel automatically. A default user model is generated with ready to use [API Resource Routes](https://laravel.com/docs/8.x/controllers#api-resource-routes). The package will add the following routes: - Index, *get* `users/` => get all users - Show, *get* `users/{user}` => get a single user - Create, *post* `users/` => create a new user - Update, *put* `users/{user}` => update an user - Destroy, *delete* `users/{user}` => delete an user - Destroy many, *delete* `users/destroy_many` => delete many users by their given ids - Schema, *get* `users/schema` => get the user table schema ### Changing the User Model [](#changing-the-user-model) - Create your custom User model extending `berthott\KeycloakUsers\Models\User` - Publish migration with `php artisan vendor:publish --provider="berthott\KeycloakUsers\KeycloakUsersServiceProvider" --tag="migrations"` and change it accordingly ### Changing the Welcome Email for new users [](#changing-the-welcome-email-for-new-users) When creating a new user in Laravel a random password is generated and sent to the user. At the same time a new Keycloak user is generated with this very password. The password is temporary and is required to be updated on the first login. To change the Welcome Email please use `php artisan vendor:publish --provider="berthott\KeycloakUsers\KeycloakUsersServiceProvider" --tag="views"`. Options ------- [](#options) To change the default options use ``` $ php artisan vendor:publish --provider="berthott\KeycloakUsers\KeycloakUsersServiceProvider" --tag="config" ``` - `mail.from.address`: From Address defaults to `'example@laravel-keycloak-users.com'` - `mail.from.name`: From Name defaults to `env('APP_NAME')` - `mail.subject`: Subject defaults to `'Welcome to '.env('APP_NAME')` - `mail.link`: Link defaults to `env('APP_URL')` - `auto_sync`: The local laravel users will be synced with the keycloak users on every request. This will slow down the request performance significantly. Use `keycloak:sync` instead. Defaults to `env('KEYCLOAK_USERS_AUTO_SYNC', false)`. Dependencies ------------ [](#dependencies) The `User` model is created the [laravel-crudable](https://docs.syspons-dev.com/laravel-crudable) package. Compatibility ------------- [](#compatibility) Tested with Laravel 10.x and Keycloak 20. License ------- [](#license) See [License File](license.md). Copyright © 2023 Jan Bladt. ### Health Score 38 — LowBetter than 85% of packages Maintenance53 Moderate activity, may be stable Popularity19 Limited adoption so far Community10 Small or concentrated contributor base Maturity59 Maturing project, gaining track record Bus Factor1 Top contributor holds 97.6% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~99 days Recently: every ~265 days Total 17 Last Release 118d ago Major Versions 1.0.7 → 2.0.02022-03-23 2.0.2 → 3.0.02023-02-16 ### Community Maintainers ![](https://www.gravatar.com/avatar/af6377eb5c44e90728f87b66923f10a0c7c81c2f05538763a4d1c5dac8a79ceb?d=identicon)[berthott](/maintainers/berthott) --- Top Contributors [![berthott](https://avatars.githubusercontent.com/u/3034025?v=4)](https://github.com/berthott "berthott (41 commits)")[![ajabusch](https://avatars.githubusercontent.com/u/11186042?v=4)](https://github.com/ajabusch "ajabusch (1 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/berthott-laravel-keycloak-users/health.svg) ``` [![Health](https://phpackages.com/badges/berthott-laravel-keycloak-users/health.svg)](https://phpackages.com/packages/berthott-laravel-keycloak-users) ``` ### Alternatives [josiasmontag/laravel-recaptchav3 Recaptcha V3 for Laravel package 2641.6M2](/packages/josiasmontag-laravel-recaptchav3)[rahul900day/laravel-captcha Different types of Captcha implementation for Laravel Application. 10715.9k](/packages/rahul900day-laravel-captcha)[simplesamlphp/simplesamlphp-module-oidc A SimpleSAMLphp module adding support for the OpenID Connect protocol 5016.9k1](/packages/simplesamlphp-simplesamlphp-module-oidc)[kinde-oss/kinde-auth-php Kinde PHP SDK for authentication 2369.5k3](/packages/kinde-oss-kinde-auth-php)[descope/descope-php Descope SDK for PHP 3814.0k](/packages/descope-descope-php)[njoguamos/laravel-turnstile A laravel wrapper for https://developers.cloudflare.com/turnstile/ 2315.9k2](/packages/njoguamos-laravel-turnstile) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)