[keycloak-dev] Am I doing this right?

Temporary home for Keycloak/Elytron integration is here: https://github.com/ssilvert/keycloak-elytron-temp In looking back over it, I realize I need to ask some general questions. The way the initial realm implementation works is that I implement the Elytron realm interface. Whenever Elytron asks for a user authentication, it calls out to a Keycloak server to validate credentials. The way I'm doing that right now is to use a Direct Access Grant. I adapted some of Bill's code for this purpose: https://github.com/ssilvert/keycloak-elytron-temp/blob/master/realm-impl/... On the Keycloak side, this requires allowing direct access grants on the realm and defining a direct access client. Is there any reason why someone would not want to do this? If so, should I provide some alternate means of authentication? Stan