Autenticate server services through external IDP token

Hi guys, I am really struggling understanding the authentication flow using external IDP like facebook and google, when using REST APIs.

In my use case I have a resource server and I am using Keycloak to manage the authentication and authorisation mechanisms. Therefore, I have a mobile app (client) calling the server’s resources. On such app users must authenticate either using Keycloak IDP (with username and password) or using a social login like facebook and google. The former is working properly, while the latter is kind a mystery to me.

I do understand that the client mobile app must first obtain the identity token from the IDP, but then I don’t know how to use such token to authenticate the user with keycloak and obtain the access token.

Thank you for your help
Stefano

Hey guys, I would really appreciate some help with this. Thanks