Hi,

I'm currently part of a team implementing a single sign-on solution using OpenID Connect and Keycloak.

We have a number of services which all interact with a central JSON REST API. The API is secured according to the second OpenID Connect use case as described in the Keycloak docs. That is to say, all API clients must obtain a digitally signed access token from Keycloak and then pass it over on every request (in our case, within the Authorization header).

One of the services is a native mobile application. This application already has social login/registration implemented and the team would prefer not to redirect to Keycloak as per the standard authorization code flow. Instead, they would like to obtain a Keycloak access token using the previously obtained social login credentials. 

This seems to pose a problem as the direct grant flow doesn't support social login. Is there any way to achieve this?

Kind Regards,
Tom Pearson