A lightweight and interactive Keycloak Playground to experiment with:
- π Authentication using Keycloak
- π§ UMA (User-Managed Access)
- π§Ύ Tokens (Access & ID)
- π₯ Roles & Permissions
- βΉοΈ User information
The goal of this project is to provide a ready-to-use demo environment to test Keycloak features without complex setup.
- Login / Logout with Keycloak
- View Access & ID tokens (raw and decoded)
- UMA Playground β request protected resources
- Roles & Permissions viewer
- Simple βAboutβ page (version info)
- Docker-ready for quick deployment
| Login Page | UMA Playground |
|---|---|
You can quickly run the frontend and backend using Docker images published on Docker Hub.
docker run -d \
-p 8080:80 \
-e VITE_KEYCLOAK_URL="http://auth.localhost" \
-e VITE_KEYCLOAK_REALM="test" \
-e VITE_KEYCLOAK_CLIENT_ID="js-client" \
-e VITE_API_BASE_URL="http://localhost:3000" \
antoinecrochet/keycloak-playground:latestAccess the UI at π http://localhost:8080
docker run -d \
-p 3000:3000 \
-e KEYCLOAK_URL="http://auth.localhost" \
-e KEYCLOAK_REALM="test" \
-e KEYCLOAK_CLIENT_ID="rs-server" \
-e KEYCLOAK_CLIENT_SECRET="***" \
-e FRONTEND_URL="http://localhost:8080"
antoinecrochet/keycloak-playground-backend:latestThe backend is optional β itβs only required for UMA testing.
If you want to modify or extend the playground:
git clone https://github.com/antoinecrochet/keycloak-playground.git
cd keycloak-playgroundcd frontend
npm install
npm run devFrontend will run by default on http://localhost:5173
cd backend
npm install
npm run devBackend will run by default on http://localhost:3000
| Variable | Description | Default |
|---|---|---|
VITE_KEYCLOAK_URL |
Keycloak base URL | http://auth.localhost |
VITE_KEYCLOAK_REALM |
Keycloak Realm | test |
VITE_KEYCLOAK_CLIENT_ID |
Frontend client ID | js-client |
VITE_API_BASE_URL |
Backend API URL | http://localhost:3000 |
KEYCLOAK_URL (backend) |
Keycloak base URL | http://auth.localhost |
KEYCLOAK_REALM (backend) |
Keycloak Realm | test |
KEYCLOAK_CLIENT_ID (backend) |
Backend client ID | rs-server |
KEYCLOAK_CLIENT_SECRET (backend) |
Backend client secret | |
FRONTEND_URL (backend) |
Frontend URL for CORS | http://localhost:5173 |
To use the playground, you need a running Keycloak server.
Minimum configuration:
-
Create a Realm (e.g.
test). -
Create a public client (e.g.
js-client)- Access Type:
public - Valid redirect URIs:
http://localhost:5173/*(or your deployment URL) - Web Origins:
+
- Access Type:
-
(Optional for UMA) Create a confidential client (e.g.
rs-server) with service account enabled.- Access Type:
confidential - Authorization :
enabled - Configure resources and authorization policies in Keycloak Authorization tab.
- Access Type:
Once this is done, set the environment variables accordingly (.env or Docker env vars).
If backend is running, you can:
- Call a protected resource from the UMA Playground tab.
- Keycloak will issue an UMA ticket and the backend will exchange it for an RPT.
- You can configure resources and permissions in Keycloak without modifying your backend code.
Advantages:
- Authorization is centralized in Keycloak.
- Easy to adjust permissions without redeploying your API.
keycloak-playground/
βββ frontend/ # React + Vite UI
βββ backend/ # Node.js API (UMA + token handling)
βββ docs/ # Screenshots & documentation
βββ .github/workflows/ # CI/CD pipeline
βββ README.md
| Image | Description | Link |
|---|---|---|
antoinecrochet/keycloak-playground |
Frontend UI | Docker Hub |
antoinecrochet/keycloak-playground-backend |
Backend (Node.js API) | Docker Hub |
This project is licensed under the MIT License. See LICENSE for details.
π¨βπ» Author: Antoine Crochet β If you like this project, consider giving it a star on GitHub!