OAuth2, SSO, and JWT

Documentation v1.0

Getting Started

Keycloakkit helps you instantly launch working Keycloak realms for OAuth, SSO, JWT testing — no setup, no stress. Follow this guide to get up and running in minutes.

1. Launch Your Realm

You can instantly spin up a secure, isolated Keycloak realm using app.keycloakkit.com. Just click "Launch My Realm" and within seconds, you'll receive:

Auto-generated Clients

Public + confidential clients ready for your apps

Pre-configured Users

Test users with role mappings included

OpenID Connect

Ready-to-use authentication endpoints

Built-in Testing

curl + Postman token testers included

Realm Lifecycle

Realms are fully functional for 24 hours. After that, they auto-expire and reset to keep your dev workspace clean. You can also manually reset or delete your realm anytime using the buttons in the summary panel.

2. Configure Your Realm

Once your realm is launched, every client card will show a "View Config" button. This reveals essential credentials like client_id, client_secret, redirect URIs, and OpenID endpoints.

Server Config

Ready-to-use .env format for backend

API Testing

JSON format for Postman, Insomnia, CLI

Security Note

All sensitive fields are masked by default but easily copyable. Both public and confidential clients come with unique config previews tailored to their use cases.

3. Clients & Credentials

Every realm includes two preconfigured OAuth2 clients to help you test both backend and frontend flows: a Confidential Client for server-side use, and a Public Client for browser-based apps (SPA).

Public Client (SPA)

This client is ideal for Single Page Applications such as React, Angular, or Vue. It does not require a client secret and uses Authorization Code + PKCE flow.

Configuration

  • Auto-generated client_id
  • Redirect URI: localhost:3000/*

Features

  • PKCE Support
  • One-click .env export

Confidential Client (Backend)

This client is intended for secure server-to-server communication and is preconfigured with a client secret. It supports common grant types such as client_credentials and password.

Security Features

  • Secure client secret storage
  • Copy-to-clipboard support

Testing Tools

  • Built-in token generator
  • Live JWT inspector

Pro Tip

Use the built-in token generator to quickly test your backend integration. The JWT inspector shows all claims (iss, exp, realm_access, scope) in a readable format.

4. Users & Test Accounts

Every realm comes with default test users configured to help you simulate login, token generation, and access control scenarios. These users allow developers to verify OAuth2 flows without building custom signup or authentication logic from scratch.

Admin User

Full Access

  • Manage clients & roles
  • Configure realm settings
  • Test admin dashboards

Regular User

Limited Access

  • View assigned resources
  • Test user permissions
  • Simulate end-user flows

Testing Tools

Quick Login

Pre-built curl commands with all credentials included

Token Preview

View access & refresh tokens after successful login

JWT Tools

Copy, decode, or clear tokens as needed

OpenID Claims

Tokens include standard OpenID claims for comprehensive testing:

  • preferred_username
  • scope
  • realm_access
  • resource_access

5. Realm Roles

Roles define what users can and cannot access within your Keycloakkit realm. These roles are already created for you and mapped to your test users so you can immediately test role-based access control (RBAC) in your app.

Admin Role

Full Access (adminuser)

  • Manage realm configuration
  • Create & edit client settings
  • Assign & manage roles

Viewer Role

Read Only (testuser)

  • View client information
  • Access assigned resources
  • Read user profiles

Role Management

User Assignment

Quick view of users assigned to each role

Role IDs

Copy unique role identifiers to clipboard

Visual Indicators

Color-coded badges for role distinction

Implementation Tips

Use these predefined roles to implement:

  • Restricted views in your UI
  • Conditional component rendering
  • API permission checks
  • Custom role assignments
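
An API permission check that verifies the token before trusting realm_access, as an added example (not Keycloakkit's own code). The key pair, issuer URL and token are constructed locally so it runs offline, and the role names "admin" and "viewer" are assumed; a real backend would load the realm's public key from its JWKS endpoint.

```javascript
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Helper for the constructed sample only: signs claims as an RS256 JWT.
function signRs256(claims, privateKey) {
  const input = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Verify signature, issuer and expiry, then require a realm role.
function authorize(token, { publicKey, issuer, requiredRole, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm; the token header must not choose it (rejects alg=none).
  if (header?.alg !== 'RS256') return { ok: false, reason: 'bad alg' };
  const valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    publicKey, Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (claims?.iss !== issuer) return { ok: false, reason: 'bad issuer' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  const roles = claims.realm_access?.roles;
  if (!Array.isArray(roles) || !roles.includes(requiredRole)) {
    return { ok: false, reason: 'missing role' };
  }
  return { ok: true, user: claims.preferred_username };
}

// Constructed sample data (placeholders, not real Keycloakkit values).
const ISSUER = 'https://keycloak.example/realms/demo-realm';
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const exp = Math.floor(Date.now() / 1000) + 300;
const viewerToken = signRs256({ iss: ISSUER, exp, preferred_username: 'testuser',
  realm_access: { roles: ['viewer'] } }, privateKey);
```

Decoding a token, as an inspector does, shows the claims but proves nothing about them; only the signature check makes realm_access trustworthy.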

6. What's Next?

You've successfully launched your realm, tested authentication, reviewed tokens, and verified user roles. Now it's time to take your implementation to the next level.

App Integration

  • Use realm settings in your app
  • Connect to Keycloak endpoints
  • Implement token validation

Advanced Features

  • Explore PKCE flow
  • Test refresh tokens
  • Use client credentials

Enterprise Features

Custom Roles

Create enterprise-specific roles

CI/CD Integration

Connect to automation pipelines

API Access

Validate scopes and permissions

Coming Soon: Keycloakkit Pro

Enhanced Features for Enterprise

  • Saved realm presets
  • Extended expiry
  • Custom templates
  • REST API access