
Keycloakkit Docs

Getting Started

Keycloakkit helps you instantly launch working Keycloak realms for OAuth, SSO, and JWT testing: no setup, no stress.

1. Launch Your Realm

You can instantly spin up a secure, isolated Keycloak realm using app.keycloakkit.com. Just click "Launch My Realm" and within seconds, you’ll receive:

  • Auto-generated clients (public + confidential)
  • Pre-configured test users mapped to roles
  • OpenID Connect endpoints for authentication
  • Built-in curl + Postman token testers
  • Copy-to-clipboard tools for .env, secrets, and tokens

Realms are fully functional for 24 hours. After that, they auto-expire and reset to keep your dev workspace clean. You can also manually reset or delete your realm anytime using the buttons in the summary panel above.

2. Copy Realm Config

Once your realm is launched, every client card will show a "View Config" button. This reveals essential credentials like client_id, client_secret, redirect URIs, and OpenID endpoints.

  • Copy in ready-to-use .env format for server use
  • Copy in JSON format for tools like Postman, Insomnia, or CLI
  • All fields are masked for safety but easily copyable
  • Both public and confidential clients come with unique config previews

Whether you’re building frontend apps, backend APIs, or mobile flows — you can plug these configs into any OAuth2-compliant library instantly.

3. Clients & Credentials

Every realm includes two preconfigured OAuth2 clients to help you test both backend and frontend flows: a Confidential Client for server-side use, and a Public Client for browser-based apps (SPA).

🌐 Public Client (SPA)

This client is ideal for Single Page Applications such as React, Angular, or Vue. It does not require a client secret and uses the Authorization Code flow with PKCE.

  • Client ID: auto-generated and visible in your dashboard
  • Redirect URIs: include http://localhost:3000/*
  • Allowed Origins: include a wildcard and http://localhost:3000
  • You can copy the config directly via the “Copy .env” button

🔐 Confidential Client (Backend)

This client is intended for secure server-to-server communication and is preconfigured with a client secret. It supports common grant types such as client_credentials and password, enabling seamless backend integration.

  • The dashboard clearly displays the client secret in a secure input box with copy-to-clipboard support.
  • You can instantly try the token flow via Postman or use the prefilled curl command from the “Try on Postman” button.
  • Upon successful login, your dashboard auto-generates the access token using our built-in token generator.
  • Use the “Copy Token” button to easily share or test the token across tools.
  • Click “Decode Token” to open a live JWT inspector that highlights all claims (e.g., iss, exp, realm_access, scope).

This makes backend integration frictionless — whether you’re building microservices, secure APIs, or internal admin dashboards, Keycloakkit provides a ready-to-go confidential client setup with real-time tools to validate your auth flow.

4. Users & Test Accounts

Every realm comes with default test users configured to help you simulate login, token generation, and access control scenarios. These users allow developers to verify OAuth2 flows without building custom signup or authentication logic from scratch.

  • Admin User: Has full access to clients, roles, and realm configuration. Ideal for testing protected admin dashboards.
  • Viewer/User: Limited access based on roles — great for simulating end-user behavior.
  • Login via curl: The dashboard shows a prebuilt curl command with all required fields, including client ID, username, and password.
  • Token Preview: Once the login succeeds, the access token and refresh token appear below with full visibility.
  • Copy, Decode, or Clear: You can copy tokens, decode JWT structure, or reset the panel as needed.

These users are role-mapped and ready to plug into your frontend or Postman tests. You can easily simulate permissions and validate how your app reacts to different roles — all without writing a single line of user setup logic.

Tokens include OpenID claims like preferred_username, scope, realm_access, and resource_access, making them perfect for testing role-based authorization logic in your apps or APIs.

5. Realm Roles

Roles define what users can and cannot access within your Keycloakkit realm. These roles are already created for you and mapped to your test users so you can immediately test role-based access control (RBAC) in your app.

  • Viewer Role: Grants read-only access to clients and users. Assigned by default to testuser.
  • Admin Role: Provides full access to realm configuration, client management, and role editing. Assigned to adminuser.
  • Assigned Users: Each role clearly lists assigned users in your dashboard for quick reference.
  • Role ID: Every role includes a unique identifier which you can copy to clipboard using the icon next to it.
  • UI badges like 🔐 and color-coded layouts make roles visually distinguishable.

These predefined roles can be used to simulate restricted views, conditional rendering in UIs, or permission checks in your APIs. You can assign more users to each role or create new custom roles directly from the dashboard.
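
A permission check of the kind described here and in the token-claims note in section 4, as an added example rather than Keycloakkit code. It assumes the claims come from an access token whose signature a JWT library has already verified against the realm's keys; the issuer URL, client ID and the role names "viewer" and "reports:read" are constructed placeholders.

```python
import time

# Constructed sample of a Keycloak access-token payload (placeholder values).
SAMPLE_CLAIMS = {
    "iss": "https://keycloak.example.test/realms/demo-realm",
    "exp": 2_000_000_000,
    "azp": "demo-backend-client",
    "preferred_username": "testuser",
    "scope": "openid profile email",
    "realm_access": {"roles": ["viewer"]},
    "resource_access": {"demo-backend-client": {"roles": ["reports:read"]}},
}

EXPECTED_ISSUER = "https://keycloak.example.test/realms/demo-realm"  # assumed

def _role_list(container) -> set:
    """Return the string entries of container['roles'], or an empty set if malformed."""
    roles = container.get("roles") if isinstance(container, dict) else None
    return {r for r in roles if isinstance(r, str)} if isinstance(roles, list) else set()

def realm_roles(claims: dict) -> set:
    """Realm-wide roles live under realm_access.roles."""
    return _role_list(claims.get("realm_access"))

def client_roles(claims: dict, client_id: str) -> set:
    """Client-scoped roles live under resource_access.<client_id>.roles."""
    access = claims.get("resource_access")
    return _role_list(access.get(client_id)) if isinstance(access, dict) else set()

def authorize(claims: dict, required_realm_role: str, now=None) -> bool:
    """Fail closed: deny unless issuer, expiry and realm role all check out."""
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISSUER:
        return False
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        return False
    return required_realm_role in realm_roles(claims)
```

Realm roles and client roles are kept in separate functions so a client-scoped role can never satisfy a realm-level check by sharing a name.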

8. What’s Next?

You've successfully launched your realm, tested authentication, reviewed tokens, and verified user roles. Now it's time to go further.

  • Integrate your own app with Keycloakkit-generated realm settings
  • Explore advanced OAuth flows like PKCE, client_credentials, and refresh tokens
  • Simulate enterprise scenarios by creating new roles or users
  • Use the decoded token structure to validate API-level access and scopes
  • Connect your CI/CD pipeline or automation test suites to real Keycloak endpoints

Coming soon: Keycloakkit Pro — with saved realm presets, extended expiry, custom templates, and REST API access. Stay tuned!
