A comprehensive demonstration of secure authentication and authorization using Keycloak in a modern full-stack application. This project showcases role-based access control (RBAC) with a React frontend and Fastify backend, implementing real-world authentication patterns.
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ React App │ │ Keycloak │ │ Fastify │
│ (Frontend) │ │ Server │ │ Backend │
│ │ │ │ │ │
│ ┌─────────┐ │ 1 │ ┌─────────┐ │ 3 │ ┌─────────┐ │
│ │ UI │────┼────────►│ │ Auth │ │ │ │ APIs │ │
│ └─────────┘ │ │ │ Server │ │ │ └─────────┘ │
│ ▲ │ │ └─────────┘ │ │ ▲ │
│ │ │ 2 │ │ │ │ │ │
│ ┌─────────┐ │◄────────┤ ┌─────────┐ │ 4 │ │ │
│ │ Token │ │ │ │ Token │──┼────────►│ │ │
│ │ Storage │ │ │ │ Issuer │ │ │ │ │
│ └─────────┘ │ │ └─────────┘ │ │ │ │
│ │ │ │ │ │ │ │
└───────┼─────────┘ └───────────────┘ └───────┼────────┘
│ │
└───────────────────────── 5 ───────────────────────┘
Flow:
1. User authentication request
2. JWT token issuance
3. Token verification request
4. Token validation
5. Protected API access with verified token
- Secure Authentication: Complete Keycloak integration for robust user authentication
- Role-Based Access Control: Granular access management with admin and user roles
- Protected API Endpoints: Secure backend routes with role-based authorization
- JWT Token Management: Secure token handling and validation
- Modern UI: Responsive interface with role-based component rendering
- User accesses the React application
- Application redirects to Keycloak login
- User provides credentials
- Keycloak validates credentials and issues JWT
- Application stores token securely
- Frontend includes JWT in API requests
- Backend validates token signature
- Backend checks user roles
- Access granted based on user permissions
-
Admin Users (user1, user2):
- Complete system access
- All API endpoints available
- Full UI component visibility
-
Regular Users (user3, user4):
- Limited system access
- Restricted API endpoints
- Partial UI component visibility
- Node.js v14+
- Docker
- npm/yarn
# Start Keycloak server
docker run -p 8001:8080 \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=admin \
quay.io/keycloak/keycloak:latest start-dev
-
Access Admin Console
- URL:
http://localhost:8001
- Credentials: admin/admin
- URL:
-
Create New Realm
- Name:
test101
- Enable realm
- Name:
-
Configure Client
- Client ID:
react-app
- Client Protocol:
openid-connect
- Root URL:
http://localhost:5173
- Valid Redirect URIs:
http://localhost:5173/*
- Web Origins:
+
- Client ID:
-
Set Up Users
Admin Access: - Username: user1, Password: user1, Role: admin - Username: user2, Password: user2, Role: admin Standard Access: - Username: user3, Password: user3, Role: user - Username: user4, Password: user4, Role: user
# Backend Setup
cd backend
npm install
npm run dev
# Frontend Setup
cd frontend
npm install
npm run dev
Resource | Description | Admin Access | User Access |
---|---|---|---|
Card One | Admin Dashboard | ✅ | ❌ |
Card Two | Analytics Panel | ✅ | ❌ |
Card Three | User Dashboard | ✅ | ✅ |
Card Four | General Content | ✅ | ✅ |
- React 18 with TypeScript
- Tailwind CSS for styling
- Keycloak-js for authentication
- Framer Motion for animations
- Fastify server
- TypeScript
- JWT token validation
- Role-based middleware
- Keycloak Server
- JWT token management
- RBAC implementation
- Login with admin credentials
- Verify access to all cards
- Test all API endpoints
- Confirm full system access
- Login with user credentials
- Verify limited card access
- Test permitted endpoints
- Confirm access restrictions
- JWT tokens are validated on every request
- Role verification occurs server-side
- Secure token storage implementation
- Protected API endpoints
- CORS configuration
- Secure logout handling
We welcome contributions! Please follow these steps:
- Fork the repository
- Create a feature branch
- Commit changes
- Push to the branch
- Create a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Keycloak Community
- Fastify Framework Team
- React Development Team
- Open Source Community
For support, please open an issue in the GitHub repository or contact the maintainers.