Keycloakify shifts page generation from the backend to the client. To achieve this, Keycloakify creates a global kcContext
object, which holds the necessary information for generating HTML pages.
This object contains no sensitive data—only the information that the Keycloak team considers essential for rendering the various login pages. Additionally, if you have custom plugins, such as keycloak-email-whitelisting, they may introduce additional values into this object.
If you'd like to prevent some values of the FreeMarker context from being forwarded to the client you can do it with the kcContextExclusionsFtl
option.
Let's say in this example that we would like to exclude:
kcContext.keycloakifyVersion
kcContext.realm.actionTokenGeneratedByUserLifespanMinutes
in the register.ftl page
kcContext.realm.idpVerifyAccountLinkActionTokenLifespanMinutes
in the register.ftl page
This is how you would do it:
You can also provide a path to a .ftl file instead of inlining the ftl code in your vite.config.ts file.
The code that you provide will be injected here.
For more detailed example you can refer to this section of the code that defines the the default exclusions:
If you feel limited by this option you can take ownership of the FreeMarker template that generates the kcContext. Do do this using the wonderfull patch-package.
And edit the FreeMarker template that generates the KcContext in:
node_modules/keycloakify/src/bin/keycloakify/generateFtl/kcContextDeclarationTemplate.ftl
You can then create a diff for your changes by running:
Then add a postinstall script to your package.json: