Samuel Mutemi

Setting Up Keycloak for Passwordless Authentication

Passwordless authentication is becoming a must-have for modern applications: no more forgotten passwords, just seamless access via magic links, biometrics, or security keys. Keycloak, the popular open-source identity and access management solution, makes implementing passwordless auth surprisingly straightforward.

In this guide, we’ll walk through configuring Keycloak to support email-based magic links (a common passwordless approach). Let’s dive in!


Prerequisites

  • A running Keycloak instance (v20+)
  • SMTP server access (for sending magic links)
  • Basic familiarity with the Keycloak admin console

Step 1: Enable Email Verification

Since passwordless auth relies on email links, we first need to ensure Keycloak can send emails.

  1. Configure SMTP settings
    • Go to Realm Settings → Email
    • Fill in your SMTP server details (e.g., Gmail, SendGrid, Postmark)
   Host: smtp.example.com  
   Port: 587  
   From: no-reply@yourdomain.com  
   Enable SSL/TLS: Yes  
   Authentication: Enabled (provide credentials)  
  2. Test email delivery
    • Click Test connection to verify everything works.

Step 2: Set Up Passwordless Authentication Flow

Keycloak uses authentication flows to define login steps. We’ll customize the default flow.

  1. Create a new authentication flow

    • Navigate to Authentication → Flows
    • Click New flow, name it (e.g., "Passwordless Email")
  2. Add required steps

    • Under your new flow, add these executions:
      • Username Form (for email input)
      • Send Email Verification Link (replaces password check)
      • Conditional User Role (optional, for additional security)
  3. Disable password requirement

    • Go to Realm Settings → Login
    • Disable "Password" as a required credential

Step 3: Customize the Magic Link Email

Keycloak sends a verification email. Let’s make it user-friendly.

  1. Edit the email template
    • Go to Realm Settings → Email → Templates
    • Modify "Verify Email" to include a clear call-to-action:
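   <#-- link is the verification URL variable used by Keycloak's stock email-verification template -->
   <p>Click below to log in:</p>
   <a href="${link}" style="background: #2563eb; color: white; padding: 10px 20px; text-decoration: none; border-radius: 5px;">Sign In Instantly</a>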
  2. Set link expiration
    • Under Realm Settings → Tokens, adjust "Email Verification Link Lifespan" (e.g., 15 minutes).
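
A check for the settings from Steps 1 and 3, as an added example that is not from the original post or the Keycloak project: it reads a realm export and flags SMTP without TLS or authentication and a verification-link lifespan above 15 minutes. The key names `smtpServer`, `actionTokenGeneratedByUserLifespan` and its `.verify-email` attribute override are assumed to match your Keycloak version's export format, and the sample realm is constructed.

```python
MAX_LINK_LIFESPAN = 15 * 60  # seconds: the 15-minute example value from Step 3
LIFESPAN_KEY = "actionTokenGeneratedByUserLifespan"  # assumed realm-export key

# Constructed sample shaped like a realm export (values are not real data).
SAMPLE_REALM = {
    "realm": "demo",
    LIFESPAN_KEY: 300,
    "attributes": {LIFESPAN_KEY + ".verify-email": "86400"},
    "smtpServer": {"host": "smtp.example.com", "port": "25",
                   "from": "no-reply@yourdomain.com",
                   "ssl": "false", "starttls": "false", "auth": "true"},
}


def verify_email_lifespan(realm):
    """Effective verify-email link lifetime in seconds (override wins)."""
    override = realm.get("attributes", {}).get(LIFESPAN_KEY + ".verify-email", "")
    if str(override).strip():
        return int(override)
    return int(realm.get(LIFESPAN_KEY, 300))  # 300 s fallback is an assumption


def audit_realm(realm):
    """Return findings for the SMTP and link-lifespan settings."""
    findings = []
    smtp = realm.get("smtpServer") or {}

    def on(key):  # exports store these flags as "true"/"false" strings
        return str(smtp.get(key, "false")).lower() == "true"

    if not smtp.get("host"):
        findings.append("smtp: no host configured, links cannot be sent")
    else:
        if not (on("ssl") or on("starttls")):
            findings.append("smtp: neither SSL nor StartTLS enabled")
        if not on("auth"):
            findings.append("smtp: authentication disabled")
    lifespan = verify_email_lifespan(realm)
    if lifespan > MAX_LINK_LIFESPAN:
        findings.append(f"link lifespan {lifespan}s exceeds {MAX_LINK_LIFESPAN}s")
    return findings


if __name__ == "__main__":
    for finding in audit_realm(SAMPLE_REALM):
        print("FINDING:", finding)
```

To audit a real realm, load its export with `json.load` and pass the resulting dict to `audit_realm`.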

Step 4: Test the Flow

  1. Try logging in as a test user.
  2. Instead of a password field, you’ll see an email input.
  3. After submitting, check your inbox for the magic link.
  4. Clicking it should log you in directly!

Bonus: Adding WebAuthn (Biometric Auth)

For a more advanced passwordless experience, enable WebAuthn (for security keys/biometrics):

  1. Go to Authentication → Flows
  2. Add "WebAuthn Authenticator" as an alternative.

Final Thoughts

Keycloak makes passwordless auth surprisingly simple. With just a few tweaks, you can replace clunky passwords with secure, user-friendly magic links or biometric logins.

Need help? Check out the official Keycloak docs or drop a question below!
