[keycloak-user] Temporary support for current sign-in flow

Craig Setera craig at baseventure.com
Sun Nov 25 17:47:10 EST 2018


As everyone is probably painfully aware from all of my questions, we are in
the midst of replacing our proprietary login flow with a Keycloak
OpenID-based flow.  The eventual goal is to use the standard Keycloak login
pages to allow for extra factors of authentication such as Google
Authenticator.

One option that we've allowed until now is for customers to host custom
login HTML forms (just username and password) on their sites.  This is
something that we are (most likely) going to remove support for in the long
run, but in the short term, I think we are going to need to support this if
only to allow for a transition period.  The login flow is:

Customer Site (HTML form) ->
Login Handler (JEE Session) ->
Redirect browser to SPA along with JSESSIONID

All API calls use JEE sessions for "authentication".  What I'm hoping to do
somehow in the short term is:

Customer Site (HTML form) ->
Login Handler ->
Keycloak ->
Redirect browser to SPA with OAuth codes/tokens

What is the best/correct way to do something like this?  Should I be using
the authorization code grant in this case?

Thanks for any insights.
Craig

=================================
*Craig Setera*

*Chief Technology Officer*

