A Nuxt 4 Single Page Application demonstrating how to use oidc-spa with Keycloak as the identity provider.
modules/oidc-spa.ts- Custom Nuxt module that integrates theoidc-spaVite plugin. Ensures SSR is disabled and configures the plugin to freeze fetch/XHR/WebSocket during authentication flows.
app/composables/useAuth.ts- Authentication composable providing:isAuthenticated- Computed boolean for auth statusidToken- Computed decoded ID tokenlogin()- Initiates login flowlogout()- Initiates logout flow
app/plugins/01.oidc.client.ts- Client-only plugin that:- Initializes the
oidc-spawith Keycloak configuration - Configures issuer URI, client ID, and base URL
- Sets up auto-logout behavior
- Provides
$oidcinstance to the app
- Initializes the
app/schemas/decodedIdToken.ts- Zod schema for validating decoded ID tokens:preferred_username(string)name(string)
app/pages/index.vue- Demo page showing authentication status and login/logout buttons
- Install dependencies:
pnpm install- Configure environment variables:
Create a .env file in the root directory (use .env.example as template):
NUXT_PUBLIC_KEYCLOAK_URL=https://your-keycloak-url.com/
NUXT_PUBLIC_KEYCLOAK_REALM=Your-Realm-Name
NUXT_PUBLIC_KEYCLOAK_CLIENT_ID=Your-Client-Id- Configure Keycloak:
In your Keycloak admin console:
- Create a client with the Client ID matching your
.envfile - Set Access Type to
public - Add valid redirect URIs:
http://localhost:3000/*(for development)- Add your production URLs when deploying
- Add valid web origins:
http://localhost:3000 - Enable Standard Flow (Authorization Code Flow)
Start the development server on http://localhost:3000:
pnpm dev- Nuxt 4 - Vue.js framework (SPA mode)
- oidc-spa - OpenID Connect client library
- Nuxt UI - UI component library
- Tailwind 4 - Styling
- TypeScript - Type safety
- Zod - Schema validation
- Keycloak - Identity provider
Build the application for production:
pnpm buildPreview production build locally:
pnpm preview