Securing Applications

Phase Two is an implementation of the OpenID Connect specification. That means, no custom libraries or code are required Your applications and services can be secured using any compliant OpenID Connect Relying Party library. There are lists maintained by the OpenID Foundation of client libraries.

• Certified OpenID Connect Implementations
• Uncertified OpenID Connect Implementations

Confused? We will also use this category as a place to provide language and framework specific guides to make securing your applications easier.

Guides

📄️ Javascript

Most modern applications are being built as single-page apps. The easiest way to secure these is with the Javascript keycloak-js library. If you are using a package manager like NPM, you can use it from there. If you are importing it direclty, the library is served by the server at `https:///auth/js/keycloak.js

📄️ React

Many SPAs use a framework such as React to simplify the creation of interactive experiences. We suggest the use of the open source react-keycloak library to make securing React applications easier.

📄️ Backend

This section is currently under construction. Check back soon for updates.

Libraries

Also, here is an unofficial list of OpenID Connect libraries we've heard good things about. Please email us if you're a library author, and you'd like to see your library linked here, or if you've had success with a library not listed here.

• JavaScript (client-side)
  • JavaScript
• Node.js (server-side)
  • Node.js
• Python
  • oidc
• Go
  • gocloak
• Android
  • AppAuth
• iOS
  • AppAuth
• PHP
  • oauth2-keycloak
• C#
  • OWIN