Developer

Keycloak

This Flutter plugin provides federated authentication for Android, iOS, and Web. It uses AppAuth for native (Android and iOS) applications and the Keycloak JavaScript adapter for web integration, offering seamless authentication across platforms.

Getting Started

This plugin enables OAuth 2.0 and OpenID Connect (OIDC) authentication with Keycloak as the identity provider, supporting Android, iOS, and Web platforms.

Before you begin:

  • Set up a Keycloak instance and configure an OIDC client.
  • Ensure the Keycloak instance is accessible from the platforms you plan to support.

Instalattion

Add this plugin to your pubspec.yaml file:

dependencies:
  flutter:
    sdk: flutter
  eit_keycloak: ^1.0.0

Change the version to the latest.

Android

The plugin relies on the flutter_appauth package internally, so please refer to their documentation for setup instructions.

However, a quick setup requires updating your build.gradle file as follows:

    android {
    ...
    defaultConfig {
        ...
        manifestPlaceholders += [
                'appAuthRedirectScheme': '<your_custom_scheme>'
        ]
    }
}

iOS

The plugin relies on the flutter_appauth package internally, so please refer to their documentation for setup instructions.

However, a quick setup requires updating your Info.plist file as follows:

<key>CFBundleURLTypes</key>
<array>
    <dict>
        <key>CFBundleTypeRole</key>
        <string>Editor</string>
        <key>CFBundleURLSchemes</key>
        <array>
            <string><your_custom_scheme></string>
        </array>
    </dict>
</array>

Web

The plugin uses the Keycloak JavaScript adapter internally, so you'll need to include this JavaScript file in your index.html.

Ensure that the adapter version matches the version of your Keycloak instance and that you expose Keycloak in global scope globalThis.

<head>
    ...
    <script type="module">
    import keycloakJs from 'https://cdn.jsdelivr.net/npm/keycloak-js@26.0.4/+esm'
    globalThis.Keycloak = keycloakJs;
  </script>
</head>

Usage

This plugin supports federated sign-in and sign-out for Android, iOS, and Web.

  1. Create the instance of EitKeycloak by providing EitKeycloakConfig
final keycloak = EitKeycloak(
      config: const EitKeycloakConfig(
        uri: 'https://your.keycloak.com',
        realm: 'yout-realm',
        clientId: 'your-client',
        scopes: ['openid'],
        appAuthConfig: AppAuthConfig(
          redirectUri: 'your_custom_scheme://your.app.redirect/auth-redirect',
          postLogoutRedirectUri: 'your_custom_scheme://your.app.redirect/auth-redirect',
        ),
        keycloakWebConfig: KeycloakWebConfig(
          redirectUri: 'https://your.app/login-success',
          postLogoutRedirectUri: 'https://your.app/logout-success',
        ),
      ),
    )
  1. Initialize keycloak instance
final authenticated = keycloak.init()

// Add refreshToken to skip login screen if token is valid
// You can add accessToken and idToken too
final authenticated = keycloak.init(
    accessToken: 'your-access-token',
    idToken: 'your-id-token',
    refreshToken: 'your-refresh-token',
);
  1. Use keycloak instance to communicate with your Keycloak server.
/// Is the underlying platform initialized.
final initialized = keycloak.initialized;
/// Logs in the user by interacting with the Keycloak platform.
final loginResult = keycloak.login();
/// Refreshes the authentication tokens, using the stored refresh token.
final refreshResult = keycloak.refresh();
/// Logs out the user by revoking tokens with the Keycloak platform, using stored id token.
final logoutResult = keycloak.logout();
/// Holds the authentication tokens returned by Keycloak.
final tokens = keycloak.tokens;
  1. Additionally, EitKeycloak is implemented as ChangeNotifier so you can listen to tokens changes.

For example:

void _saveRefreshToken() {
   ...
}

@override
void initState() {
    super.initState();
    _keycloak.addListener(_saveRefreshToken);
}

@override
void dispose() {
    _keycloak.removeListener(_saveRefreshToken);
    super.dispose();
}

A Flutter Federated Plugin created by the EmbedIT. Generated by the EmbedIT CLI 🤖

Dependency injection

Service locator package based on GetIt. with easy configuration and better focus on dependency injection error handling.

Linter rules for Flutter

This package provides lint rules for Dart and Flutter which are used at EmbedIT Platform. For more information, see the complete list of options.

Copyright © 2025. All rights reserved.