As per the current login flow, the frontend sends a username and password to the backend application and the backend authenticates the user using an OAuth grant-type password. This is not a recommended approach for many reasons.
Fix:
Use keycloak.js in front end application to support login with code flow. It also solves the token refresh problem
This is an enhancement ticket
Issue:
As per the current login flow, the frontend sends a username and password to the backend application and the backend authenticates the user using an OAuth grant-type password. This is not a recommended approach for many reasons.
Fix: