Overview
This node obtains an OAuth 2.0 access token from a Keycloak server. It supports two grant types: Client Credentials and Password. The node is useful for automating authentication workflows where you need to programmatically retrieve fresh tokens to access Keycloak-protected resources or APIs.
Typical use cases include:
- Automating API calls that require a valid Keycloak token.
- Integrating Keycloak authentication into n8n workflows.
- Refreshing tokens without manual intervention.
For example, you might use this node to get a token using client credentials to authenticate backend services, or use the password grant type to obtain a token on behalf of a user by providing their username and password.
Properties
| Name | Meaning |
|---|---|
| Realm | The Keycloak realm under which the token request should be performed. |
| Grant Type | The OAuth 2.0 grant type to use for obtaining the token. Options: Client Credentials, Password |
| Username | (Password grant only) The Keycloak username for authentication. |
| (Password grant only) The Keycloak email associated with the user. | |
| Password | (Password grant only) The password for the Keycloak user. |
| Audiance | (Password grant only) The Keycloak audience for the token request, defaults to "account". |
Output
The node outputs JSON data containing the obtained access token:
{
"token": "<access_token_string>"
}
If the token cannot be obtained, it returns:
{
"result": false,
"message": "Failed to obtain Keycloak token."
}
No binary data output is produced by this node.
Dependencies
- Requires a configured Keycloak server URL and credentials including client ID and client secret or an API token.
- Needs an API key credential for authenticating with Keycloak.
- The node makes HTTP POST requests to the Keycloak token endpoint.
- The environment must allow outgoing HTTPS requests to the Keycloak server.
Troubleshooting
Common issues:
- Incorrect realm name or missing realm configuration can cause token retrieval failure.
- Using wrong client ID or client secret will result in authentication errors.
- For password grant, incorrect username, email, or password will prevent token issuance.
- Network connectivity issues to the Keycloak server will cause request failures.
Error messages:
"Failed to obtain Keycloak token."indicates the node could not get a valid token, likely due to invalid credentials or misconfiguration.
Resolutions:
- Verify all input properties are correct and match your Keycloak setup.
- Ensure the client ID and secret are valid and have proper permissions.
- Confirm the realm exists and is accessible.
- Check network connectivity and firewall settings.
- For password grant, double-check user credentials.
Links and References
- Keycloak Documentation - Token Endpoint
- OAuth 2.0 Grant Types
- n8n HTTP Request Node Documentation (for understanding underlying HTTP calls)