Only with the difference that Keycloak delegates the login to a third party IdP. After logging in at this third party IdP I end up with an active session in the Apiman UI (the apiman realm of Keycloak).
Now I am wondering how to get the bearer token, because I do not have a username/password combination I can use to make a call like:
curl -X POST http://127.0.0.1:8080/auth/realms/stottie/protocol/openid-connect/token -H "Content-Type: application/x-www-form-urlencoded" -d "username=rincewind" -d 'password=apiman' -d 'grant_type=password' -d 'client_id=apiman'
Because the username/password combination is linked to the third party IdP and not to Keycloak itself.
Is there another way to obtain the bearer token?
Perhaps this is aquestion which I should address at the keycloak mailinglist. I will try to ask the question there as well.