Keycloak - direct user link registration

Question

I have set up a web application with Keycloak in my local machine. Since Im using Keycloak as SSO implementation, I want in my web app that whenever SIGNUP button is click, user is directed into the registration page, and not going through the LOGIN page.

This is the example URL directed to the registration form, however, it contains a tab_id that is generated randomly like a session id.

https://site.test/auth/realms/custom/login-actions/authenticate?client_id=test&tab_id=qIdW92Bvwmk

I read about this link

Yes, as long as you use the "registrations" instead of "auth" in the end of login ( AuthorizationEndpoint ) URL

But my endpoint in https://site.test/auth/realms/custom/.well-known/openid-configuration cannot be modified.

score 41 · Answer 1 · edited Nov 12 '18 at 14:57

41

You can change the button link to this format -

http://<domain.com>/auth/realms/<realm-name>/protocol/openid-connect/registrations?client_id=<client_id>&response_type=code&scope=openid email&redirect_uri=http://<domain.com>/<redirect-path>&kc_locale=<two-digit-lang-code>

edited Nov 12 '18 at 14:57

Stephen Rauch

47,830
31
106
135

answered Nov 12 '18 at 14:37

Sundararajan KS

699
1
7
8

6

Can you point to the Keycloak documentation where this is mentioned? I am having a hard time finding the URL in the documentations. – Ali_MM Mar 16 '21 at 17:26
I'm going to guess they referenced this [archived mail-list response](https://lists.jboss.org/pipermail/keycloak-user/2016-August/007473.html). – James Aug 25 '21 at 12:59
1

For Keycloak v15, `ui_locales` instead of `kc_locale` worked for me to set the language. It's the OIDC standard. Also from the Keycloak docs: https://www.keycloak.org/docs/latest/server_admin/#_user_locale_selection – Yigitalp Ertem Sep 13 '21 at 13:57
2

The `redirect_uri` doesn't work for me, at least not in 15.0.2. As this isn't accepted answer, can somebody confirm it works? @Sundararajan KS I would appreciate that link – Lukino Nov 24 '21 at 15:04
It works for me with this redirect_uri=http:/// which does not contain any query parameter. We use very complex redirec_uri query parameters for sign in. It does not work with registration. keycloak:16.1.1 – Aivils Štoss May 31 '22 at 11:15
1

This doesn't work in my 18.0.0 setup. It produces "no state" errors. – AscendingEagle Jun 17 '22 at 00:29
@AscendingEagle I worked around the "no state" error by using a redirect url that points to a page saying "Registration successful. You may login to your new account." The page also display the normal login button that uses the normal login logic. With one click on that button the user is then logged in. – ProSinq Aug 25 '22 at 11:33
For me to get the `redirect_uri` working, it had to start with `https://` – Metu Aug 12 '23 at 07:43

score 1 · Answer 2 · edited Aug 05 '22 at 09:33

1

The registration page is exposed via an openid-connect endpoint, accessible in the same way as the standard auth screen. To construct the correct URL you can simply replace openid-connect/auth in the URL with openid-connect/registrations from the .well-known auth endpoint.

    authEndpoint.replace("openid-connect/auth","openid-connect/registrations");

Using this endpoint the user will be directed to the registration screen instead of the login screen.

It is not documented or exposed via .well-known/openid-configuration, but you can see it in the source code:

    public static UriBuilder registrationsUrl(UriBuilder baseUriBuilder) {
        UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
        return uriBuilder.path(OIDCLoginProtocolService.class, "registrations");
    }

edited Aug 05 '22 at 09:33

George

2,860
18
31

answered Mar 10 '22 at 00:44

alan irwin godinez ramirez

27
1

1

Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Mar 10 '22 at 06:06
What is "replace"? How does this answer the question? – AscendingEagle Jun 17 '22 at 00:27

score -1 · Answer 3 · answered Jan 19 '23 at 15:52

-1

For Keycloak 17 this worked for me:

http://<mykeycloakdomain.com>/realms//protocol/openid-connect/registrations?client_id=<myclient_id>&response_type=code&scope=openid+email&redirect_uri=https%3A%2F%2Fmywebsiteurl.com&kc_locale=

answered Jan 19 '23 at 15:52

Igor

1

1

As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jan 21 '23 at 18:30
1

@Igor please explain with details in your answer to make it more useful for other users ! – NanoPish Jan 26 '23 at 11:18
This gives a 404 error. – Harlin Apr 10 '23 at 21:48

Keycloak - direct user link registration

3 Answers3

Linked