top of page
Search

Keycloak series | #2: Integrating Google and GitHub for Seamless Social Media Authentication

  • cymansys
  • Feb 24
  • 3 min read

Integrating social media authentication into your applications can significantly improve user experience by simplifying login processes. In this second part of our series on Keycloak, I will walk you through how to set up Google and GitHub as identity providers. This will help you leverage Keycloak’s open source capabilities to enable secure, scalable authentication using OIDC standards, especially useful when working with modern frameworks like .NET 10.



Why Use Google and GitHub for Authentication?


Google and GitHub are among the most popular platforms for social login. Many developers and users already have accounts on these platforms, which makes authentication faster and more familiar. Using Keycloak, an open source identity and access management tool, you can integrate these providers with minimal effort while maintaining control over your authentication flows.


Both Google and GitHub support OpenID Connect (OIDC), a simple identity layer on top of OAuth 2.0. This makes them ideal for secure authentication in modern applications, including those built with .NET 10. By integrating these providers, you reduce the need to manage passwords and improve security by relying on trusted third-party authentication.



Setting Up Google as an Identity Provider in Keycloak


To start, you need to create a Google project and configure OAuth credentials:


  1. Go to the Google Cloud Console.

  2. Create a new project or select an existing one.

  3. Navigate to APIs & Services > Credentials.

  4. Click Create Credentials > OAuth client ID.

  5. Choose Web application and add your Keycloak redirect URI, typically:

    `https://<your-keycloak-domain>/auth/realms/<realm-name>/broker/google/endpoint`

  6. Save the client ID and client secret.





Next, configure Keycloak:


  • Log in to the Keycloak admin console.

  • Select your realm.

  • Go to Identity Providers and choose Google.

  • Enter the client ID and client secret from Google.

  • Save the configuration.




Once set, users can authenticate using their Google accounts. Keycloak will handle the OIDC flow, exchanging tokens and mapping user information.



Integrating GitHub Authentication


GitHub requires a similar setup but with some differences:


  1. Visit GitHub Developer Settings.

  2. Click OAuth Apps > New OAuth App.

  3. Fill in the application name and homepage URL.

  4. Set the authorization callback URL to:

    `https://<your-keycloak-domain>/auth/realms/<realm-name>/broker/github/endpoint`

  5. Register the app and note the client ID and client secret.





In Keycloak:


  • Open the admin console and select your realm.

  • Navigate to Identity Providers and pick GitHub.

  • Enter the client ID and client secret.

  • Save the settings.


GitHub authentication will now be available, allowing users to log in with their GitHub accounts.


Customizing User Attributes and Mappers


Keycloak allows you to map attributes from Google and GitHub to your user model. This is useful for syncing user details like email, name, and profile picture.


To customize mappers:


  • In the Keycloak admin console, under your identity provider, go to the Mappers tab.

  • Add or edit mappers to extract claims from the OIDC tokens.

  • For example, map `email` to the user’s email attribute, or `name` to the full name.


This ensures your application receives consistent user data regardless of the provider.


Using Keycloak with .NET 10 Applications


This is the biggest take away from this blog, all of this did not ask us to add code or buttons with CSS and HTML. It's only configuration in our IDP which makes this very powerful and you will see in the repo the only thing that changed is a new markdown file part-2. Ultimately, only the realm information has changed.




This setup allows your app to delegate authentication to Keycloak, which in turn supports Google and GitHub logins. Users will enjoy a smooth sign-in experience without managing multiple credentials.



Tips for a Smooth Integration


  • Always test redirect URIs carefully to avoid mismatches.

  • Use HTTPS in production to secure token exchanges.

  • Monitor Keycloak logs for troubleshooting authentication issues.

  • Regularly update Keycloak to benefit from security patches and new features.

  • Consider user experience by customizing login screens and error messages in Keycloak.


By following these steps, you can build a secure authentication system that supports popular social logins and integrates well with modern development frameworks.


GitHub Repository


For all examples and sandbox to play with working code

Here's the repo and for this context you can pull changes related to the tag part-2


Other parts from the Keycloak series


Comments

bottom of page