A modern Vue 3 application with serverless Keycloak social login integration. No backend server required - communicates directly with Keycloak for authentication.A simple one-page Node.js application for Keycloak social login with advanced debugging capabilities. Runs on localhost:8000.
-
π Vue 3 with Composition API- π Simple one-page interface for social login
-
π Direct Keycloak integration (serverless)- π Keycloak integration with social providers
-
πͺ Pinia state management- π Advanced debugging and logging
-
π£οΈ Vue Router with authentication guards- π Real-time server health monitoring
-
π± Responsive design- π Protected routes and session management
-
π CSP-safe authentication (no iframes)- π¨ Modern, responsive UI design
-
π¨ Modern UI components- π Comprehensive API endpoints
-
β‘ Vite for fast development
-
Node.js (v14 or higher)
-
Node.js (v16 or higher)2. Keycloak Server running on
http://localhost:8080 -
Keycloak Server accessible at
https://auth.utribe.app
```bashnpm install
npm install```
```bash# Regular mode
npm run devnpm start
The application will be available at: **http://localhost:5173**npm run dev
npm run debug
bash
npm run build
Static files will be generated in the `dist/` directory.### 3. Configure Keycloak
## Keycloak Configuration1. Access Keycloak Admin Console: http://localhost:8080/auth/admin
2. Create a new client named `keycloak-social-login`
The application requires the following Keycloak client configuration:3. Configure the client settings:
- Client Protocol: `openid-connect`
### Client Settings - Access Type: `public`
- **Client ID**: `giftportal` - Valid Redirect URIs: `http://localhost:8000/*`
- **Client Protocol**: `openid-connect` - Web Origins: `http://localhost:8000`
- **Access Type**: `public`
- **Valid Redirect URIs**: ## Configuration
- `http://localhost:5173/*` (development)
- `https://yourdomain.com/*` (production)### Keycloak Configuration
- **Web Origins**:
- `http://localhost:5173` (development)Edit the `keycloak.json` file or modify the configuration in `server.js`:
- `https://yourdomain.com` (production)
- **CORS Enabled**: `true````json
{
### Required Settings for Direct Client Communication "realm": "master",
- Enable CORS in Keycloak admin console "auth-server-url": "http://localhost:8080/auth",
- Add your domain to "Web Origins" "ssl-required": "external",
- Configure proper redirect URIs "resource": "keycloak-social-login",
"public-client": true,
## Project Structure "confidential-port": 0
}
keycloak_login1/
βββ src/### Environment Variables
β βββ components/ # Vue components
β β βββ AuthButton.vue # Login/logout buttonYou can set these environment variables:
β βββ composables/ # Vue composables
β β βββ useAuth.js # Authentication composable- NODE_ENV: Environment mode (development/production)
β βββ services/ # Services- DEBUG: Debug output level (e.g., keycloak-app)
β β βββ csp-safe-keycloak.js # Keycloak integration- PORT: Server port (default: 8000)
β βββ stores/ # Pinia stores
β β βββ authStore.js # Authentication state## API Endpoints
β βββ views/ # Page components
β β βββ Home.vue| Endpoint | Method | Description | Authentication |
β β βββ Login.vue|----------|--------|-------------|----------------|
β β βββ Dashboard.vue| / | GET | Home page | Public |
β β βββ Profile.vue| /login | GET | Initiate login | Public |
β β βββ AuthCallback.vue| /logout | GET | User logout | Public |
β β βββ NotFound.vue| /protected | GET | Protected area | Required |
β βββ App.vue # Root component| /api/userinfo | GET | User information API | Required |
β βββ main.js # Application entry point| /health | GET | Health check | Public |
βββ index.html # HTML template
βββ vite.config.js # Vite configuration## Advanced Debugging
βββ package.json # Dependencies
## Authentication Flow1. **Basic Debug**: `npm run dev`
- Shows Keycloak application logs
1. **User clicks login** β Redirects to Keycloak - Session information
2. **Keycloak authentication** β User logs in with Google/credentials - Authentication status
3. **OAuth callback** β Returns with authorization code
4. **Token exchange** β Direct call to Keycloak token endpoint2. **Full Debug**: `npm run debug`
5. **Store tokens** β Save in localStorage and Pinia store - All basic debug info
6. **Authenticated state** β Access protected routes - Express framework logs
- HTTP request details
## API Integration
### Browser Debug Panel
The application communicates directly with Keycloak endpoints:
The web interface includes a built-in debug panel:
- **Token Exchange**: `https://auth.utribe.app/realms/utribe/protocol/openid-connect/token`- Real-time server status
- **User Info**: `https://auth.utribe.app/realms/utribe/protocol/openid-connect/userinfo`- Health monitoring
- **Logout**: `https://auth.utribe.app/realms/utribe/protocol/openid-connect/logout`- Request logging
- Browser information
## Development
### Debug Output Examples
### Running in Development Mode
```bash
```bash# Enable specific debug categories
npm run devDEBUG=keycloak-app node server.js
```DEBUG=keycloak-app,express:* node server.js
DEBUG=* node server.js # Enable all debug output
### Building for Production```
```bash## Project Structure
npm run build
keycloak_login1/
βββ public/
npm run previewβββ package.json # Project configuration
```βββ keycloak.json # Keycloak client configuration
βββ .gitignore # Git ignore rules
## Deploymentβββ README.md # This file
Since this is a client-side only application, you can deploy the built files to any static hosting service:
-
Build the application:
npm run build -
Deploy the
dist/folder to:### Running in Development Mode-
Netlify
-
Vercel```bash
-
AWS S3 + CloudFront# Start with auto-restart (requires nodemon)
-
GitHub Pagesnpm install -g nodemon
-
Any static hosting servicenodemon server.js
-
-
Update Keycloak client redirect URIs to your production domainnpm run dev
-
Configure CORS settings in Keycloak for your production domain```
-
Ensure HTTPS is enabled for production deployments
- Health Check: Visit http://localhost:8000/health
-
PKCE (Proof Key for Code Exchange) flow2. Login Flow: Click "Login with Keycloak" on the home page
-
CSP-safe authentication (no iframes)3. Protected Access: Try accessing http://localhost:8000/protected
-
Secure token storage4. API Testing: Use curl or Postman to test endpoints
-
Automatic token refresh
-
Route guards for protected areas### Troubleshooting
-
Direct Keycloak communication (no server-side secrets)
- Keycloak Connection Issues:
Troubleshooting - Ensure Keycloak is running on http://localhost:8080
- Check client configuration in Keycloak admin console
-
CORS Issues: Ensure your domain is added to Keycloak client's "Web Origins" - Verify redirect URIs are correct
-
Redirect Issues: Check that redirect URIs are configured correctly in Keycloak
-
Token Issues: Verify client ID and realm configuration2. Authentication Problems:
-
Build Issues: Ensure Node.js version is 16 or higher - Clear browser cookies and session data
- Check Keycloak client settings
ISC License - see package.json for details.3. Debug Information:
- Enable full debugging:
npm run debug - Check browser console for client-side errors
- Use the built-in debug panel
- Session management with secure cookies
- CORS protection
- Input validation and sanitization
- Secure logout handling
- Token expiration management
For production deployment:
- Set
NODE_ENV=production - Use HTTPS (set
secure: truefor cookies) - Configure proper session store (Redis recommended)
- Set up reverse proxy (nginx/Apache)
- Configure proper CORS settings
- Use environment variables for sensitive configuration
ISC License - see package.json for details.