Hi,
I'm currently part of a team implementing a single sign-on solution using OpenID Connect and Keycloak.
We have a number of services which all interact with a central JSON REST API. The API is secured according to the second OpenID Connect use case as described in the Keycloak docs. That is to say, all API clients must obtain a digitally signed access token from Keycloak and then pass it over on every request (in our case, within the Authorization header).
One of the services is a native mobile application. This application already has social login/registration implemented and the team would prefer not to redirect to Keycloak as per the standard authorization code flow. Instead, they would like to obtain a Keycloak access token using the previously obtained social login credentials.
This seems to pose a problem as the direct grant flow doesn't support social login. Is there any way to achieve this?
Kind Regards,
Tom Pearson