Skip to main content


Most modern applications are being built as single-page apps. The easiest way to secure these is with the JavaScript keycloak-js library. If you are using a package manager like NPM, you can use it from there. If you are importing it direclty, the library is served by the server at `https://{host}/auth/js/keycloak.js


You must replace the {host}, {realm} and {clientId} values with those from your account.

<script src="https://{host}/auth/js/keycloak.js"></script>
var auth = new Keycloak({
url: "https://{host}/auth",
realm: "{realm}",
clientId: "{clientId}",
onLoad: "login-required",
.then(function (authenticated) {
alert(authenticated ? "authenticated" : "not authenticated");
.catch(function () {
alert("failed to initialize");
<div id="message"></div>

A complete specification of what is available in the keycloak-js library is available in their official documentation