Authentication

[Daniel-Monroy]

Hello!

I am currently working on implementing an API that will have third party users. My goal is to establish an entry point for the login process, whereby user credentials (username and password) can be provided. Subsequently, authentication will be carried out through Keycloak, to finally return the corresponding token.

I would like to know if it is feasible to perform this operation using this library, or if any of you are familiar with alternatives that might prove effective for this purpose. I really appreciate any guidance on this!

[ferrerojosh]

You should have a separate front end client to do that for you. You can natively use keycloak official libraries there or any supported authentication methods keycloak provides. Authorization Code Flow w/PKCE should be the strongest one and highly recommended. You can use the access token generated from that client and pass it on to your backend (which is by its own right, its own client) which only needs client_id and client_secret to authenticate to your Keycloak server and validate that generated token from your separate front-end client.

[kirisakiken]

keycloak also have its native login page which is also available for customization. If you are looking for a front-end solution, you can use that.