
How to Implement React SPA Authentication with Keycloak and PKCE Flow?

This is my first time working with Keycloak. I have prepared a Keycloak instance on my local machine in which I can create realms, clients, etc. I found React + Keycloak examples o

Solution 1:

Go to your Realm, and then to client and select your client:

  • Set Access Type to public
  • Enable Standard Flow Enabled
  • Add the appropriate Redirect URIs
  • Go to Advanced Settings and, in the field Proof Key for Code Exchange Code Challenge Method, select S256.

On the adapter of your React application add "enable-pkce": true.

From the Keycloak documentation:

The KeycloakInstalled adapter supports the PKCE [RFC 7636] mechanism to provide additional protection during code to token exchanges in the OIDC protocol. PKCE can be enabled with the "enable-pkce": true setting in the adapter configuration. Enabling PKCE is highly recommended, to avoid code injection and code replay attacks.
