[keycloak-user] Guidelines about OAuth use case

Hi all, I must admit that OAuth sometimes appears a little complex for me and I have a use that I'd like to submit in order to collect opinion and/or best practice. My application components are : - a keycloak server configured. - a REST API (/api) protected using WAR adapter - a Angular GUI client of this REST API using JS Adapter - another REST API (/tools) The /tools API is accessed by the Angular GUI but is also a client of the REST API (/api) The /tools application have a rest-api-client.jar embedded that support Credentials Client Grant to ensure OAuth authentication in order to access the /api REST interface. What I expected to do was to allow the Angular JS to propagate its authentication in order to allow the /tools application to access /api authenticated also. I'm facing the problem on how to propagate the JS Adapter authentication to the /tools application to allow it to use in the rest client ? I did not mention that the /tools application is a background task manager that could run a long time away after tool job submission... I'm pretty lost in all the OAuth grant scenari and any suggestion should be highly appreciated. Thanks in advance, Jérôme.