Keycloak

Overview

Keycloak works best through the built-in oauth2 provider with OIDC discovery via issuerUrl.

OIDC discovery example

import { SocialLogin } from '@capgo/capacitor-social-login';

await SocialLogin.initialize({
  oauth2: {
    keycloak: {
      issuerUrl: 'https://sso.example.com/realms/mobile',
      clientId: 'mobile-app',
      redirectUrl: 'myapp://oauth/keycloak',
      scope: 'openid profile email offline_access',
      pkceEnabled: true,
    },
  },
});

const result = await SocialLogin.login({
  provider: 'oauth2',
  options: {
    providerId: 'keycloak',
  },
});

Direct endpoint example

await SocialLogin.initialize({
  oauth2: {
    keycloak: {
      appId: 'mobile-app',
      authorizationBaseUrl: 'https://sso.example.com/realms/mobile/protocol/openid-connect/auth',
      accessTokenEndpoint: 'https://sso.example.com/realms/mobile/protocol/openid-connect/token',
      redirectUrl: 'myapp://oauth/keycloak',
      scope: 'openid profile email offline_access',
      pkceEnabled: true,
      resourceUrl: 'https://sso.example.com/realms/mobile/protocol/openid-connect/userinfo',
      logoutUrl: 'https://sso.example.com/realms/mobile/protocol/openid-connect/logout',
    },
  },
});

Related docs

• OAuth2 and OIDC providers
• Better Auth integration

Keep going from Keycloak

If you are using Keycloak to plan authentication and account flows, connect it with Using @capgo/capacitor-social-login for the native capability in Using @capgo/capacitor-social-login, @capgo/capacitor-social-login for the implementation detail in @capgo/capacitor-social-login, @capgo/capacitor-passkey for the implementation detail in @capgo/capacitor-passkey, @capgo/capacitor-native-biometric for the implementation detail in @capgo/capacitor-native-biometric, and Two-factor authentication for the implementation detail in Two-factor authentication.