keycloakopenconnect

Keycloak login by skipping the login page


I have 2 different applications: say Application1 and Application2.

I have integrated Application2 with Keycloak and I am able to log in to this application using Keycloak's login page.

Now what I want is, if I log in to my Application1 (without Keycloak), I should be able to call some API of Keycloak to log in to Application2 (without rendering Keycloak's login page).

Is it feasible? If yes, how?

Any help will be highly appreciated.

Thanks


Solution

  • TL;DR: No, it's not possible.

    You can log in to Keycloak and get an access token for a user via API, but it can only be used to call APIs on Application2 on behalf of the user. So it would be useful if you're not going to show the Application2 UI and the user will see the result of the Application2 API calls in Application1.

    The reason is that Keycloak, like other SSO solutions, uses cookies to track the SSO session. So if your user logs in to Application2, he/she will have the Keycloak SSO cookie in his/her browser. So when the user accesses Application1 for the first time (and if Application1 is integrated with Keycloak), as it doesn't have a session, he/she gets redirected to the Keycloak login page. Keycloak will notice that the SSO cookie is there and is valid, so it considers the user logged in, will not render any login UI and just redirects back to Application1.

    You can't access that Keycloak cookie via API, and even if you could, you would not be able to set it in the user's browser for the Keycloak domain.
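
The token-based path this answer describes, as an added example (not code from the original post): Application1 gets an access token from Keycloak's token endpoint with the password grant and presents it as a bearer token to an Application2 API. The realm `demo`, client `application1`, route `/api/orders`, the credentials and the local stub server standing in for both services are assumptions so the exchange runs offline; a real client needs Direct Access Grants enabled, and older Keycloak versions prefix the path with `/auth`.

```python
import json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode
from urllib.request import Request, urlopen

# Assumed names: realm "demo", client "application1", Application2 route /api/orders.
TOKEN_PATH = "/realms/demo/protocol/openid-connect/token"
FAKE_TOKEN = "constructed-access-token"  # constructed sample value

def token_request(base, username, password):
    """Direct grant: POST the user's credentials to Keycloak's token endpoint."""
    form = {"grant_type": "password", "client_id": "application1",
            "username": username, "password": password}
    return Request(base + TOKEN_PATH, data=urlencode(form).encode())

def api_request(base, token):
    """Call Application2's API on the user's behalf with the bearer token."""
    return Request(base + "/api/orders", headers={"Authorization": "Bearer " + token})

def send(req):
    with urlopen(req) as resp:
        return json.load(resp)

class Stub(BaseHTTPRequestHandler):
    """Offline stand-in for both Keycloak and Application2 (constructed)."""
    def reply(self, ok, payload):
        body = json.dumps(payload if ok else {"error": "denied"}).encode()
        self.send_response(200 if ok else 401)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_POST(self):
        form = parse_qs(self.rfile.read(int(self.headers["Content-Length"])).decode())
        ok = self.path == TOKEN_PATH and form.get("grant_type") == ["password"]
        self.reply(ok, {"access_token": FAKE_TOKEN, "token_type": "Bearer"})
    def do_GET(self):
        ok = self.headers.get("Authorization") == "Bearer " + FAKE_TOKEN
        self.reply(ok, {"orders": [1, 2]})
    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    srv = HTTPServer(("127.0.0.1", 0), Stub)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % srv.server_port
    try:
        token = send(token_request(base, "alice", "constructed-password"))["access_token"]
        return send(api_request(base, token))
    finally:
        srv.shutdown(); srv.server_close()
```

Calling `demo()` runs both requests against the stub and returns the Application2 JSON. The password passes through Application1 in this flow, so the client secret handling, TLS and logging on that side need the same care as a login form.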