Keycloak registration/signup page #6368
Replies: 4 comments 4 replies
-
|
If this is the right spec, you just set the https://openid.net/specs/openid-connect-prompt-create-1_0.html#name-prompt-parameter |
Beta Was this translation helpful? Give feedback.
-
|
I did used like this . signIn("keycloak", null, { prompt: "create" }); |
Beta Was this translation helpful? Give feedback.
-
|
Yeah this unfortunately does not work. Keylcoak serves authorization endpoint on
I could of course create the registration link manually but then I'm unsure on how to check for state and nonce on callback. The registration works this way but the redirect to I tried using a custom Only way to do registrations properly is going to the login of Keycloak and clicking "Register" there, but that does not fit our requirements as we need a Keycloak register button in our UI. |
Beta Was this translation helpful? Give feedback.
-
|
So I have found a very hack workaround, I'm not very happy with at all but I guess it will have to do for now. First I created a function const registrationEndpoint = `${process.env.NEXT_PUBLIC_KEYCLOAK_URL}/realms/${process.env.NEXT_PUBLIC_KEYCLOAK_REALM}/protocol/openid-connect/registrations`
export const createRegistrationUrl = (redirectUri: string) => {
const params = new URLSearchParams()
params.set('client_id', process.env.NEXT_PUBLIC_KEYCLOAK_CLIENT_ID)
params.set('redirect_uri', redirectUri)
params.set('scope', 'openid profile email')
params.set('response_type', 'code')
params.set('response_mode', 'fragment')
return `${registrationEndpoint}?${params.toString()}`
}This is mostly taken from keycloak-js although it's vastly simplified and I'm sure there's some security aspect of it I'm not understanding and completely neglecting. I then use this function like so: createRegistrationUrl(`${window.location.origin}/callback?type=post_register?redirect_uri=/`)Note the following:
This Page goes ruffly like this: export default function Callback() {
const router = useRouter()
useEffect(() => {
if (!router.isReady) return
const type = assertString(router.query['type'])
const redirectUri = assertString(router.query['redirect_uri'])
if (!type) {
router.replace(redirectUri ?? '/')
return
}
switch (type) {
case 'post_register': {
if (!redirectUri) {
router.replace('/')
return
}
signIn('keycloak', { callbackUrl: redirectUri })
return
}
}
}, [router])
return <span>Loading...</span>
)
}This signes in the user on the next-auth side and as the user is already logged in on the keycloak side there's no need to login. Next-auth will then direct the user back to the page they originally came from with the I guess this is acceptable although I would love to see a way to accomplish this in next-auth. |
Beta Was this translation helpful? Give feedback.
-
|
+1 |
Beta Was this translation helpful? Give feedback.
-
|
As far as I can tell, the easiest path forward would be for Keycloak to support the OIDC Hopefully Keycloak will notice it and add it (seems to be a relatively simple add) although there has been no response from devs thus far in 2 years since it was opened. |
Beta Was this translation helpful? Give feedback.
-
|
Seems that keycloak/keycloak#10701 was addressed and merged into keycloak 26.x version. Unless it's already somehow addressed in next-auth, may I take this up and implement as contribution to this awesome package? |
Beta Was this translation helpful? Give feedback.
-
|
Hi, do you have any news about the implementation of prompt=create in nextauth? |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Question 💬
Thanks for the awesome library. Implemented the keycloak authentication with next-auth. In one condition, i need to redirect the user to keycloak registration page instead of signIn page. How can i acheive it
How to reproduce ☕️
openid-connect/registrations - custom link used . But no use. please help me on this
Contributing 🙌🏽
Yes, I am willing to help answer this question in a PR
Beta Was this translation helpful? Give feedback.
All reactions