Suggested libraries for OIDC

In order to ease the development process and abstract away some complexities of authentication and verifying tokens, we have collected a list of libraries that would be useful when developing a new service that should be secured with OIDC.

The OpenID Foundation certifies libraries that meet the OIDC Specification, you can find a list for Certified Relying Party Libraries here. Alternatively, for a thorough list of suggestions from the Keycloak developers, for many languages, you can view the page here.

You can start by consulting the Keycloak docs and examples, as well as checking out the SSO examples that are provided on our Gitlab docs section:

• keylcoak-sso-examples

Python

Python libraries are tricky, because many of them actually implement the full spec and define a new IdP for themselves, without showing simple examples on how users should simply validate their tokens.

Of all the available libraries, we would suggest starting with:

• authlib: https://authlib.org/
• pyoidc: https://github.com/OpenIDC/pyoidc/

The library provides both clients and servers, as well as some claim validation classes. To see a simple example of secure OIDC endpoint, you can check out:

• flask-oidc-example

Java

Keycloak comes with builtin libraries for many Java platforms, as well, which is documented in the docs:

• Java adapter config

Additionally, we have a more complex in-house Spring boot example, available HERE

.NET

.NET core has built-in libraries for providing JWT token validation, as well as audience validation and other things. Tutorial article:

• ASP .NET Core JWT auth tutorial

There is a suggested OWIN library on the Keycloak page, but it's targeted towards .NET Framework, not .NET core.

Javascript

Keycloak comes with a built-in library for performing authentication / authorization for Javascript:

• Front-end JS library
• NodeJS backend library

Other programming languages (Go, Electron application, Native Applications)

See the examples or the Keycloak docs.