Clarification about Keycloak auth provider

Hey folks,
I am new to Strapi and I want to store user profile details in my CMS, I have a keycloak auth provider for all the other apps on my website (ecommerce, notifications etc.) and I have a few questions about expected behavior.

  • Strapi does not show the option to login with Keycloak on the admin page: http://localhost:1337/admin is that expected?
  • Going to http://localhost:1337/api/connect/keycloak redirects correctly to my Keycloak instance, upon successful login to Keycloak it redirects to my frontend application successfully as well
  • However, Strapi does not create a new user with the token information (email, name etc.) from Keycloak, is that expected?
  • If yes to the first question, now that the user is authenticated can I call a mutation to create a new profile record for that user in a collection and ensure it requires auth?
  • How do I ensure that after authentication the user is only able to see their own user profile records and not profile records from other users in the collection if they try to directly hit the API endpoint?

This topic has been created from a Discord post (1253488490054942910) to give it more visibility.
It will be on Read-Only mode here.

@Shri thanks for hanging out with us in the open office hours. Glad Derrick was there to help with all the good hard questions you asked.

Thank you <@960590891200970812> and <@211722558385553408> for all the information! I’ll get down to implementation this weekend and reach back out if I have any more questions! Super excited to get started with Strapi! :smile::pray:

hello! I have the same scenario, but instead of keycloak I use zitadel. The user authenticated in zitadel must have access to the strapi rest api. Did you make it? Is there any guide on the necessary steps? thank you :people_hugging:

I did get keycloak working, but I decided that I did not need that level of per user access control. Instead I am now using an API key and letting my frontend handle the authorization of which user role can perform what action.