Skip to content

add initial version of keycloak extension#127

Open
HarshCasper wants to merge 2 commits intomainfrom
keycloak
Open

add initial version of keycloak extension#127
HarshCasper wants to merge 2 commits intomainfrom
keycloak

Conversation

@HarshCasper
Copy link
Member

@HarshCasper HarshCasper commented Feb 5, 2026

Summary

  • Add Keycloak extension for LocalStack using Docker sidecar pattern
  • Pre-configure default realm with OAuth2 client, admin/user roles, and service account
  • Auto-register Keycloak as OIDC identity provider in LocalStack IAM for AssumeRoleWithWebIdentity flows
  • Include sample app demonstrating API Gateway + Lambda Authorizer with JWT validation and role-based access control
  • Provide Makefile automation for extension installation, sample app deployment, and testing

Copy link
Contributor

@remotesynth remotesynth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I went through the basic readme and the sample app aspects and it worked fine.

Copy link
Member

@whummer whummer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, kudos for driving this @HarshCasper ! 🚀

I've checked out the changes and did some local testing - the sample app deploys nicely, and tests are passing. 👌

(Side note: Weirdly, there were some issues with running in EXTENSION_DEV_MODE=1 dev mode with the new standalone CLI /cc @silv-io - but could also have been an issue in my local setup, will investigate further..)

## Installation

```bash
localstack extensions install "git+https://github.com/localstack/localstack-extensions.git#egg=localstack-keycloak&subdirectory=keycloak"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: The egg here needs to match the extension name. We could either rename the extension to localstack-keycloak in pyproject.toml, or update the command here to use localstack-keycloak. (We don't currently follow a consistent pattern, but I would probably prefer the former, as localstack-keycloak seems a bit shorter, and we've also used this pattern for the wiremock extension recently.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants