PHPackages                             scicloud-eu/flarum-ext-auth-keycloak - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. scicloud-eu/flarum-ext-auth-keycloak

ActiveFlarum-extension[Authentication &amp; Authorization](/categories/authentication)

scicloud-eu/flarum-ext-auth-keycloak
====================================

Allow users to sign in/up/out with Keycloak.

06PHP

Since Oct 7Pushed 1y agoCompare

[ Source](https://github.com/SciCloud-EU/flarum-ext-auth-keycloak)[ Packagist](https://packagist.org/packages/scicloud-eu/flarum-ext-auth-keycloak)[ RSS](/packages/scicloud-eu-flarum-ext-auth-keycloak/feed)WikiDiscussions master Synced today

READMEChangelog (1)DependenciesVersions (1)Used By (0)

flarum-ext-auth-keycloak
========================

[](#flarum-ext-auth-keycloak)

Keycloak OAuth Flarum Extension

Allows users to login/logout using Keycloak.

Installation
------------

[](#installation)

To install, use composer:

```
composer require scicloud-eu/flarum-ext-auth-keycloak

```

Usage
-----

[](#usage)

- Install extension via Composer / Packagist
- Enable extension in the admin/extensions of Flarum
- Fill in the settings field for the extension
- Make sure signup is Open in admin/permissions ([here's why](https://github.com/scicloud-eu/flarum-ext-auth-keycloak/issues/22))

Keycloak setup
--------------

[](#keycloak-setup)

Written for Keycloak version 4.8.3-final, tested up to 21.1.1, and Flarum 1.3.0. Your mileage may vary.

From the *Clients* tab, add a new client for your Flarum instance (or use an existing one). Root URL should be the URL of your Flarum instance.

[![Add Keycloak client](https://github.com/scicloud-eu/flarum-ext-auth-keycloak/raw/master/images/keycloak-add-client.png "Add Keycloak client")](https://github.com/scicloud-eu/flarum-ext-auth-keycloak/raw/master/images/keycloak-add-client.png)

In order to map Keycloak roles onto Flarum groups, you have to make roles visible from the userinfo endpoint. To this extent, add a mapper to your new client.

[![Create Keycloak mapper](https://github.com/scicloud-eu/flarum-ext-auth-keycloak/raw/master/images/keycloak-create-mapper-1.png "Create Keycloak mapper")](https://github.com/scicloud-eu/flarum-ext-auth-keycloak/raw/master/images/keycloak-create-mapper-1.png)

[![Add role mapper to Keycloak client](https://github.com/scicloud-eu/flarum-ext-auth-keycloak/raw/master/images/keycloak-create-mapper-2.png "Add role mapper to Keycloak client")](https://github.com/scicloud-eu/flarum-ext-auth-keycloak/raw/master/images/keycloak-create-mapper-2.png)

From the *Realm Settings* tab, find the key used by the OpenId Connect workflow (by default, RS256). Copy the algorithm as well as the public key.

[![Find Keycloak keys](https://github.com/scicloud-eu/flarum-ext-auth-keycloak/raw/master/images/keycloak-find-keys.png "Find Keycloak keys")](https://github.com/scicloud-eu/flarum-ext-auth-keycloak/raw/master/images/keycloak-find-keys.png)

Extension settings
------------------

[](#extension-settings)

In the end, extension settings will be:

- Keycloak version: the version of your Keycloak instance.
- Server URL: the URL to your Keycloak instance, like . Beware the "auth" with no trailing slash for Keycloak versions &lt; 20.
- Realm: the authentication realm you created for your Flarum.
- Client ID: the name of the client you created above.
- Client Secret: defaults to client ID if you do not override.
- Encryption algorithm: defaults to RS256.
- Encryption key (or cert): you may copy here the content of what was displayed after you pressed the "Public key" button on Keycloak.
- Role-to-group mapping: An associative array with roles as keys and group names as values, in JSON format. Example: `{"ROLE_MEMBER":"Member","ROLE_MODERATOR":"Mods","ROLE_ADMIN":"Admin"}`.
- Attribute mapping: An associative array with Keycloak attributes as keys and Flarum User attributes as values, in JSON format. Might be used for other extensions. Do not forget client mappers on Keycloak! Example: `{"moniker":"nickname","badges":"badges"}`.
- Delegate avatars: if enabled, the "picture" attribute from Keycloak will be used to handle user avatar instead of Flarum's default behaviour.

Troubleshooting
---------------

[](#troubleshooting)

### User created with an odd name that does not match actual user name like 'tgtplwexeowwluxnqid4cjgw' ([original issue](https://github.com/scicloud-eu/flarum-ext-auth-keycloak/issues/21))

[](#user-created-with-an-odd-name-that-does-not-match-actual-user-name-like-tgtplwexeowwluxnqid4cjgw-original-issue)

Flarum only allows user names that match the regular expression `/[^a-z0-9-_]/i`. Every Keycloak user with a "preferred\_username" not matching this expression will instead be assigned a random name, as well as a proper Flarum "nickname". In order to see the nickname instead of the random user name, activate the Nicknames extension and use the User Display Name driver named *nickname*.

###  Health Score

15

—

LowBetter than 3% of packages

Maintenance28

Infrequent updates — may be unmaintained

Popularity4

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity17

Early-stage or recently created project

 Bus Factor1

Top contributor holds 67.1% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/61141162?v=4)[Zixia Liu](/maintainers/LiuZixia)[@LiuZixia](https://github.com/LiuZixia)

---

Top Contributors

[![arthurtemple](https://avatars.githubusercontent.com/u/953645?v=4)](https://github.com/arthurtemple "arthurtemple (49 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (21 commits)")[![LiuZixia](https://avatars.githubusercontent.com/u/61141162?v=4)](https://github.com/LiuZixia "LiuZixia (3 commits)")

### Embed Badge

![Health badge](/badges/scicloud-eu-flarum-ext-auth-keycloak/health.svg)

```
[![Health](https://phpackages.com/badges/scicloud-eu-flarum-ext-auth-keycloak/health.svg)](https://phpackages.com/packages/scicloud-eu-flarum-ext-auth-keycloak)
```

###  Alternatives

[kartik-v/yii2-password

Useful password strength validation utilities for Yii Framework 2.0

761.3M17](/packages/kartik-v-yii2-password)[vitalybaev/laravel5-dkim

Laravel 5/6 package for signing outgoing messages with DKIM.

3163.1k](/packages/vitalybaev-laravel5-dkim)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
