In the week of May 27th 2024, Extiverse will be merged into one unified platform: Read more

Keycloak Login

Allow users to sign in/up/out with Keycloak.

Compatible with Flarum v1.8.5

Latest release


released on May 28, 2019



Keycloak OAuth Flarum Extension

Allows users to login/logout using Keycloak.


To install, use composer:

composer require spookygames/flarum-ext-auth-keycloak


  • Install extension via Composer / Packagist
  • Enable extension in the admin/extensions of Flarum
  • Fill in the settings field for the extension
  • Make sure signup is Open in admin/permissions (here's why)

Keycloak setup

Written for Keycloak version 4.8.3-final, tested up to 21.1.1, and Flarum 1.3.0. Your mileage may vary.

From the Clients tab, add a new client for your Flarum instance (or use an existing one). Root URL should be the URL of your Flarum instance.

Add Keycloak client

In order to map Keycloak roles onto Flarum groups, you have to make roles visible from the userinfo endpoint. To this extent, add a mapper to your new client.

Create Keycloak mapper

Add role mapper to Keycloak client

From the Realm Settings tab, find the key used by the OpenId Connect workflow (by default, RS256). Copy the algorithm as well as the public key.

Find Keycloak keys

Extension settings

In the end, extension settings will be:

  • Keycloak version: the version of your Keycloak instance.
  • Server URL: the URL to your Keycloak instance, like Beware the "auth" with no trailing slash for Keycloak versions < 20.
  • Realm: the authentication realm you created for your Flarum.
  • Client ID: the name of the client you created above.
  • Client Secret: defaults to client ID if you do not override.
  • Encryption algorithm: defaults to RS256.
  • Encryption key (or cert): you may copy here the content of what was displayed after you pressed the "Public key" button on Keycloak.
  • Role-to-group mapping: An associative array with roles as keys and group names as values, in JSON format. Example: {"ROLE_MEMBER":"Member","ROLE_MODERATOR":"Mods","ROLE_ADMIN":"Admin"}.
  • Attribute mapping: An associative array with Keycloak attributes as keys and Flarum User attributes as values, in JSON format. Might be used for other extensions. Do not forget client mappers on Keycloak! Example: {"moniker":"nickname","badges":"badges"}.
  • Delegate avatars: if enabled, the "picture" attribute from Keycloak will be used to handle user avatar instead of Flarum's default behaviour.


User created with an odd name that does not match actual user name like 'tgtplwexeowwluxnqid4cjgw' (original issue)

Flarum only allows user names that match the regular expression /[^a-z0-9-_]/i. Every Keycloak user with a "preferred_username" not matching this expression will instead be assigned a random name, as well as a proper Flarum "nickname". In order to see the nickname instead of the random user name, activate the Nicknames extension and use the User Display Name driver named nickname.

© 2024 Hyn by DaniĆ«l "Luceos" Klabbers. All rights reserved. · Extensions and extension information is provided by the respective (copyright holding) authors. · Extiverse is not affiliated to the Flarum project or Flarum foundation. · Images on Extiverse pages are from Unsplash.