This repository contains a reusable connector for Keycloak.
See auth/example_test.go for example usage or the snippet below:
```go
import (
	"fmt"
	"log"
	"net/http"

	"github.com/gin-gonic/gin"

	auth "<this repository's module path>/auth" // placeholder: the import path is not shown on this page
)

func main() {
	realmInfo := auth.KeycloakRealmInfo{
		RealmId:               "user-management",             // keycloak realm name
		AuthServerInternalUrl: "http://keycloak:8080/auth",   // keycloak server internal url
		AuthServerPublicUrl:   "http://localhost:28080/auth", // keycloak server public url (jwt issuer)
	}

	authorizer, err := auth.NewKeycloakAuthorizer(realmInfo)
	if err != nil {
		log.Fatal(fmt.Errorf("error creating keycloak token authorizer: %w", err))
	}

	authMiddleware, err := auth.NewGinAuthMiddleware(authorizer.ParseRequest)
	if err != nil {
		log.Fatal(fmt.Errorf("error creating keycloak auth middleware: %w", err))
	}

	router := gin.Default()
	router.Use(authMiddleware) // wire up auth middleware

	router.GET("/test", func(c *gin.Context) {
		userContext, err := auth.GetUserContext(c)
		if err != nil {
			_ = c.AbortWithError(http.StatusInternalServerError, err)
			return // stop here so no 200 response is written after the abort
		}
		c.String(http.StatusOK, fmt.Sprintf("%#v", userContext))
	})

	// Output:
	// &auth.UserContext{
	// 	Realm: "user-management",
	// 	UserID: "1927ed8a-3f1f-4846-8433-db290ea5ff90",
	// 	UserName: "initial",
	// 	EmailAddress: "initial@host.local",
	// 	Roles: []string{"offline_access", "uma_authorization", "user", "default-roles-user-management"},
	// 	Groups: []string{"user-management-initial"},
	// 	AllowedOrigins: []string{"http://localhost:3000"},
	// }
}
```

- create a realm info struct with the realm id and the keycloak internal url (inside docker/k8s) from environment variables,
- create the keycloak authorizer via `auth.NewKeycloakAuthorizer` and pass the realm info,
- create the gin middleware via `auth.NewGinAuthMiddleware` and pass the `ParseRequest` method of the authorizer. It will check the `Authorization` header for the bearer token and the `Origin` header for an allowed origin. It will put the decoded claims into the gin context,
- wire up the auth middleware to the routes you decide,
- inside routes use `auth.GetUserContext` to get the decoded token claims as a user context object from the gin context.

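The two header checks described in the list above, as a standard-library sketch added here for illustration; it is not this repository's implementation. `checkHeaders` and `newReq` are hypothetical names, the `allowed` slice stands in for the `AllowedOrigins` claim of an already validated token, and letting requests without an `Origin` header through is an assumption of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

var (
	errNoBearer  = errors.New("missing or malformed bearer token")
	errBadOrigin = errors.New("origin not in token's allowed origins")
)

// checkHeaders returns the raw bearer token if both header checks pass.
// Signature and expiry validation of the token are out of scope here.
func checkHeaders(r *http.Request, allowed []string) (string, error) {
	scheme, token, ok := strings.Cut(r.Header.Get("Authorization"), " ")
	token = strings.TrimSpace(token)
	if !ok || !strings.EqualFold(scheme, "Bearer") || token == "" {
		return "", errNoBearer
	}
	origin := r.Header.Get("Origin")
	if origin == "" {
		return token, nil // assumption: non-browser clients send no Origin
	}
	for _, a := range allowed {
		// Exact match only: a prefix test would wrongly accept
		// "http://localhost:3000.other.example".
		if a == origin {
			return token, nil
		}
	}
	return "", errBadOrigin
}

// newReq builds a constructed sample request with the given header values.
func newReq(authz, origin string) *http.Request {
	r := httptest.NewRequest(http.MethodGet, "/test", nil)
	r.Header.Set("Authorization", authz)
	r.Header.Set("Origin", origin)
	return r
}

func main() {
	allowed := []string{"http://localhost:3000"} // constructed claim value
	r := newReq("Bearer constructed.sample.token", "http://localhost:3000.other.example")
	_, err := checkHeaders(r, allowed)
	fmt.Println(err)
}
```
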
This project is maintained by Greenbone AG
Your contributions are highly appreciated. Please create a pull request on GitHub. Bigger changes need to be discussed with the development team via the issues section at GitHub first.
Copyright (C) 2020-2023 Greenbone AG
Licensed under the GNU General Public License v3.0 or later.