
Sorry for my poor English... I'll do my best to write the question.

Basically, Keycloak provides a login page where the login form has some name and value parameters determined by Keycloak (for example session_code, execution, client_id, tab_id). This way is server-side rendering (SSR).

However, I want to do the login process with Keycloak in an API way. In this case, it's not possible to use those parameters.

How do I use the APIs below to log in?

:8180/auth/realms/{realm}/login-action/authenticate

:8180/auth/realms/{realm}/protocol/openid-connect/certs

:8180/auth/realms/{realm}/protocol/openid-connect/token

KELIXO DO

1 Answer


It's not a good practice from the security point of view to host your login page somewhere else. It would be better to allow Keycloak to have control over the login process so that the integrity of the overall process is kept. But in case you really need to do that, you can have your own UI hosted somewhere else and send the credentials you received from the user to Keycloak via the OAuth password grant type. It's not recommended and is going to be deprecated. I suggest you check the recommended approaches mentioned here.

zaerymoghaddam
  • Teacher, I have one more question. I think it's not enough to allow Keycloak to have control over the sign-up and login process because the business might need self-authentication, terms of service, and login-failure-count checking in the sign-up and login process. How can I deal with these needs using Keycloak's default fn? – KELIXO DO Jun 07 '22 at 13:12
  • When deciding to use an off-the-shelf product, one should always consider that there may be scenarios that cannot be covered by it (i.e. either impossible or very expensive to achieve). Keycloak is very extendable (by developing custom plugins or themes), but it still may not give you the freedom to do whatever you need in the way that you want. I don't know what you mean by self-authentication, but regarding the terms and other stuff, we have done a similar thing by implementing a custom authenticator in the login process or registration process. – zaerymoghaddam Jun 07 '22 at 20:38
  • Would you give me a related link URL? It's hard to find suitable example code about implementing a custom authenticator. – KELIXO DO Jun 09 '22 at 09:47
  • Sure. Here is the example provided in the Keycloak documentation: https://www.keycloak.org/docs/latest/server_development/index.html#_auth_spi_walkthrough – zaerymoghaddam Jun 09 '22 at 11:54
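
An added example (not part of the answer above and not Keycloak's own code): it builds the token request that the password grant described in the answer sends, next to the requests of the authorization code flow with PKCE, where Keycloak keeps control of the login form. The host `keycloak.example`, realm `demo`, client `my-app` and the redirect URI are constructed placeholders, and nothing is sent over the network.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Placeholder host (the page elides it); port and path follow the question.
BASE = "http://keycloak.example:8180/auth"
REALM = "demo"                                  # constructed
CLIENT_ID = "my-app"                            # constructed public client
REDIRECT_URI = "https://app.example/callback"   # constructed

def endpoint(name):
    """OpenID Connect endpoint of the realm: 'auth', 'token' or 'certs'."""
    return f"{BASE}/realms/{REALM}/protocol/openid-connect/{name}"

def password_grant_form(username, password):
    """Password grant from the answer: the custom UI sees the credentials."""
    return {"grant_type": "password", "client_id": CLIENT_ID,
            "username": username, "password": password, "scope": "openid"}

def new_verifier():
    return secrets.token_urlsafe(48)  # 64 chars, inside the 43..128 range

def s256_challenge(verifier):
    """RFC 7636: BASE64URL(SHA256(verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def authorization_url(state, challenge):
    """Browser redirect: Keycloak shows the login form, the app sees no password."""
    query = {"response_type": "code", "client_id": CLIENT_ID,
             "redirect_uri": REDIRECT_URI, "scope": "openid", "state": state,
             "code_challenge": challenge, "code_challenge_method": "S256"}
    return endpoint("auth") + "?" + urlencode(query)

def code_exchange_form(code, verifier):
    """POSTed to the token endpoint once Keycloak redirects back with a code."""
    return {"grant_type": "authorization_code", "client_id": CLIENT_ID,
            "code": code, "redirect_uri": REDIRECT_URI,
            "code_verifier": verifier}

if __name__ == "__main__":
    verifier = new_verifier()
    print("POST", endpoint("token"), password_grant_form("alice", "<password>"))
    print("GET ", authorization_url(secrets.token_urlsafe(16), s256_challenge(verifier)))
    print("POST", endpoint("token"), code_exchange_form("<code>", verifier))
```

Both forms go to the token endpoint as `application/x-www-form-urlencoded`; only the first one carries the user's password through the application.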