• Docker and docker-compose

1. Create a .env file having the required PG_PASS and AUTHENTIK_SECRET_KEY variables, as documented by Authentik:

1. Run this to add keycloak as a valid FQDN for localhost. Authentik need to communicate with Keycloak in the docker network (thus through keycloak FQDN), but in doing so the redirect address will be keycloak for login. That’s why we need this kinda hack:

1. Now go into the ./docker directory and run

Then you will have access to the following services: - http://localhost:1234 is the React WebApp - http://localhost:9000 is the Authentik instance - http://localhost:8080 is the Keycloak instance (admittedly you can now also use http://keycloak:8080 but it’s not required for administration purposes)

The connexions are as follows: - The WebApp is declared as a my-app client in Authentik, with a dedicated Provider for my-app OIDC provider. - Authentik uses Keycloak OIDC as a "Federated Social Login" option through a client authentik-login created in the my-realm Keycloak realm. - A user my-user with password my-password is created in Keycloak. It belongs to the my-users Keycloak group.

Thus you can test the whole workflow by going to the webapp, clicking on Log In, selecting Keycloak OIDC and using the aforementionned credentials for my-user to be logged as my-user on the webapp.

And…​that’s it ! 😁