Authentication
Hill90 uses Keycloak as its identity provider, implementing the OpenID Connect (OIDC) and OAuth 2.0 protocols.
How It Works
- Users authenticate through the Keycloak login page at auth.hill90.com
- Keycloak issues a JWT (JSON Web Token) upon successful authentication
- API requests include the JWT in the `Authorization: Bearer <token>` header
- Backend services validate the JWT signature and claims on every request
Roles
| Role | Access |
|---|---|
| user | Manage own agents, view own profile, upload avatar |
| admin | All user permissions plus: start/stop/delete agents, view logs |
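
The signature-and-claims validation step from How It Works, combined with a role check against the table above, as an added example (not Hill90's own code). The locally generated key pair stands in for Keycloak's signing key, the realm name and audience are placeholders, and reading roles from `realm_access.roles` assumes Hill90 uses Keycloak realm roles.

```javascript
// Added example: keys, tokens, realm and audience below are constructed placeholders.
const crypto = require('node:crypto');

const b64url = (x) => Buffer.from(x).toString('base64url');
const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Verify an RS256 JWT's signature and claims; returns the claims or throws.
function verifyJwt(token, publicKey, { issuer, audience, now = Date.now() / 1000 }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm server-side instead of trusting the token header.
  if (decode(h).alg !== 'RS256') throw new Error('unexpected alg');
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`),
    publicKey, Buffer.from(s, 'base64url'));
  if (!valid) throw new Error('bad signature');
  const claims = decode(p); // claims are trusted only after the signature checks out
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud ?? []).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Keycloak places realm roles under realm_access.roles by default.
const hasRole = (claims, role) => (claims.realm_access?.roles ?? []).includes(role);

// --- Constructed fixtures: stand-ins for Keycloak's signing key and issued tokens ---
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'https://auth.hill90.com/realms/EXAMPLE-REALM'; // placeholder realm name
const AUDIENCE = 'example-api'; // placeholder audience

function signJwt(claims, key = privateKey, alg = 'RS256') {
  const input = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), key).toString('base64url')}`;
}

// Returns the verified claims, or the rejection reason as a string.
function check(token) {
  try { return verifyJwt(token, publicKey, { issuer: ISSUER, audience: AUDIENCE }); }
  catch (e) { return e.message; }
}

const demo = signJwt({ iss: ISSUER, aud: AUDIENCE,
  exp: Math.floor(Date.now() / 1000) + 300, realm_access: { roles: ['user'] } });
console.log('admin access granted:', hasRole(check(demo), 'admin'));
```
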
UI Authentication
The Next.js frontend uses Auth.js v5 for session management. When you sign in through the UI, Auth.js handles the OIDC flow with Keycloak and maintains your session automatically.
API Authentication
For direct API access, include your JWT bearer token in the `Authorization` header.
A full guide on obtaining tokens programmatically (e.g., via the Keycloak token endpoint) will be added in a future update.
Next Steps
- API Reference — See which endpoints require authentication
- Services — Learn about individual service responsibilities