PHPackages                             spookygames/flarum-ext-auth-keycloak - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. spookygames/flarum-ext-auth-keycloak

ActiveFlarum-extension[Authentication &amp; Authorization](/categories/authentication)

spookygames/flarum-ext-auth-keycloak
====================================

Allow users to sign in/up/out with Keycloak.

1.8.0.1(3w ago)171.5k↓70%6[1 issues](https://github.com/spookygames/flarum-ext-auth-keycloak/issues)[7 PRs](https://github.com/spookygames/flarum-ext-auth-keycloak/pulls)MITPHPCI failing

Since May 28Pushed 1w ago1 watchersCompare

[ Source](https://github.com/spookygames/flarum-ext-auth-keycloak)[ Packagist](https://packagist.org/packages/spookygames/flarum-ext-auth-keycloak)[ RSS](/packages/spookygames-flarum-ext-auth-keycloak/feed)WikiDiscussions master Synced today

READMEChangelog (5)Dependencies (4)Versions (30)Used By (0)

flarum-ext-auth-keycloak
========================

[](#flarum-ext-auth-keycloak)

Keycloak OAuth Flarum Extension

Use your keycloak server to handle user authentication and map roles and attributes.

Compatibility
-------------

[](#compatibility)

Originally written for Keycloak 4.8.3-final and Flarum 0.1.0-beta.5.

Tested up to Keycloak 24.0.2 and Flarum 1.8.4 (versions used for the screenshots).

Your mileage may vary.

Base setup
----------

[](#base-setup)

### Keycloak

[](#keycloak)

From the *Clients* tab, create a new client to connect to your Flarum instance.

[![Create Keycloak client, step 1](images/keycloak-client-create-step-1.png)](images/keycloak-client-create-step-1.png)

On step 2, enable Client Authentication. This way the client is `confidential` and gets its own secret. (Optional yet recommended)

[![Create Keycloak client, step 2](images/keycloak-client-create-step-2.png)](images/keycloak-client-create-step-2.png)

On step 3, Root URL should be the base URL of your Flarum instance.

[![Create Keycloak client, step 3](images/keycloak-client-create-step-3.png)](images/keycloak-client-create-step-3.png)

Once the client is created, if you made the client `confidential` in step 2, then head over to its *Credentials* tab and copy Client Secret somewhere.

[![Copy Keycloak client secret](images/keycloak-client-copy-secret.png)](images/keycloak-client-copy-secret.png)

Eventually, head over the *Realm Settings* tab, then find the key used by the OpenId Connect workflow (by default, RS256). Copy the Algorithm somewhere. Copy the Public Key somewhere too (copy what is displayed after you press the "Public key" button).

[![Copy Keycloak realm key](images/keycloak-realm-copy-key.png)](images/keycloak-realm-copy-key.png)

### Flarum

[](#flarum)

Install extension via Composer / Packagist.

```
composer require spookygames/flarum-ext-auth-keycloak

```

Head over the Flarum admin panel (for instance ).

In the Permissions tab, make sure Sign up is Open ([here's why](https://github.com/spookygames/flarum-ext-auth-keycloak/issues/22)).

[![Open Sign up in Flarum admin panel](images/flarum-admin-open-signup.png)](images/flarum-admin-open-signup.png)

In the Extensions tab, enable extension and configure as needed.

[![Configure extension in Flarum admin panel](images/flarum-admin-configure-extension.png)](images/flarum-admin-configure-extension.png)

- Keycloak version: the version of your Keycloak instance.
- Server URL: the URL to your Keycloak instance, like . Beware the "auth" with no trailing slash for Keycloak versions &lt; 20.
- Realm: the authentication realm you created for your Flarum.
- Client ID: the name of the client you created above.
- Client Secret: paste from client creation step 2, defaults to client ID if you do not override.
- Encryption algorithm: paste from client creation, defaults to RS256.
- Encryption key (or cert): paste from client creation.
- Role-to-group mapping: An associative array with roles as keys and group names as values, in JSON format. Example: `{"ROLE_MEMBER":"Member","ROLE_MODERATOR":"Mods","ROLE_ADMIN":"Admin"}`.
- Attribute mapping: An associative array with Keycloak attributes as keys and Flarum User attributes as values, in JSON format. Might be used for other extensions. Do not forget client mappers on Keycloak! Example: `{"moniker":"nickname","badges":"badges"}`.
- Delegate avatars: if enabled, the "picture" attribute from Keycloak will be used to handle user avatar instead of Flarum's default behaviour.
- Role-to-group mapping: An associative array with roles as keys and group names as values, in JSON format. Example: `{"ROLE_MEMBER":"Member","ROLE_MODERATOR":"Mods","ROLE_ADMIN":"Admin"}`.
- Attribute mapping: An associative array with Keycloak attributes as keys and Flarum User attributes as values, in JSON format. Might be used for other extensions. Do not forget client mappers on Keycloak! Example: `{"moniker":"nickname","badges":"badges"}`.
- Delegate avatars: if enabled, the "picture" attribute from Keycloak will be used to handle user avatar instead of Flarum's default behaviour.

Advanced Setup: Sync Keycloak roles with Flarum groups
------------------------------------------------------

[](#advanced-setup-sync-keycloak-roles-with-flarum-groups)

In order to map Keycloak roles onto Flarum groups, you have to make roles visible from the userinfo endpoint. To this extent, add a mapper to your new client.

[![Create Keycloak mapper](images/keycloak-create-mapper-1.png "Create Keycloak mapper")](images/keycloak-create-mapper-1.png)

[![Add role mapper to Keycloak client](images/keycloak-create-mapper-2.png "Add role mapper to Keycloak client")](images/keycloak-create-mapper-2.png)

Advanced Setup: Update Flarum avatar with Keycloak picture
----------------------------------------------------------

[](#advanced-setup-update-flarum-avatar-with-keycloak-picture)

Extension settings
------------------

[](#extension-settings)

- Keycloak version: the version of your Keycloak instance.
- Server URL: the URL to your Keycloak instance, like . Beware the "auth" with no trailing slash for Keycloak versions &lt; 20.
- Realm: the authentication realm you created for your Flarum.
- Client ID: the name of the client you created above.
- Client Secret: defaults to client ID if you do not override.
- Encryption algorithm: defaults to RS256.
- Encryption key (or cert): you may copy here the content of what was displayed after you pressed the "Public key" button on Keycloak.
- Role-to-group mapping: An associative array with roles as keys and group names as values, in JSON format. Example: `{"ROLE_MEMBER":"Member","ROLE_MODERATOR":"Mods","ROLE_ADMIN":"Admin"}`.
- Attribute mapping: An associative array with Keycloak attributes as keys and Flarum User attributes as values, in JSON format. Might be used for other extensions. Do not forget client mappers on Keycloak! Example: `{"moniker":"nickname","badges":"badges"}`.
- Delegate avatars: if enabled, the "picture" attribute from Keycloak will be used to handle user avatar instead of Flarum's default behaviour.

Troubleshooting
---------------

[](#troubleshooting)

### User created with an odd name that does not match actual username like 'tgtplwexeowwluxnqid4cjgw' ([original issue](https://github.com/spookygames/flarum-ext-auth-keycloak/issues/21))

[](#user-created-with-an-odd-name-that-does-not-match-actual-username-like-tgtplwexeowwluxnqid4cjgw-original-issue)

Flarum only allows usernames that match the regular expression `/[^a-z0-9-_]/i`. Every Keycloak user with a "preferred\_username" not matching this expression will instead be assigned a random name, as well as a proper Flarum "nickname". In order to see the nickname instead of the random username, activate the Nicknames extension and use the User Display Name driver named *nickname*.

###  Health Score

55

—

FairBetter than 97% of packages

Maintenance95

Actively maintained with recent releases

Popularity29

Limited adoption so far

Community12

Small or concentrated contributor base

Maturity70

Established project with proven stability

 Bus Factor1

Top contributor holds 67.8% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~151 days

Recently: every ~310 days

Total

18

Last Release

23d ago

Major Versions

0.1.0-beta.16-1 → 1.0.02021-06-10

### Community

Maintainers

![](https://www.gravatar.com/avatar/7049c7d19d7b5e8d487a8630f84155e765e57d375973e86ffdc4691f42a21393?d=identicon)[thorthur](/maintainers/thorthur)

---

Top Contributors

[![arthurtemple](https://avatars.githubusercontent.com/u/953645?v=4)](https://github.com/arthurtemple "arthurtemple (59 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (28 commits)")

---

Tags

Authentication

### Embed Badge

![Health badge](/badges/spookygames-flarum-ext-auth-keycloak/health.svg)

```
[![Health](https://phpackages.com/badges/spookygames-flarum-ext-auth-keycloak/health.svg)](https://phpackages.com/packages/spookygames-flarum-ext-auth-keycloak)
```

###  Alternatives

[flarum-lang/russian

Russian language pack for Flarum.

12128.3k](/packages/flarum-lang-russian)[maicol07/flarum-ext-sso

SSO for Flarum

468.7k](/packages/maicol07-flarum-ext-sso)[tituspijean/flarum-ext-auth-ldap

Allow users to log in through LDAP.

216.4k](/packages/tituspijean-flarum-ext-auth-ldap)[nomiscz/flarum-ext-auth-wechat

Allow users to log in with WeChat

152.6k](/packages/nomiscz-flarum-ext-auth-wechat)[hehongyuanlove/flarum-auth-qq

Allow users to log in with QQ

111.0k](/packages/hehongyuanlove-flarum-auth-qq)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
