Hi guys, I am really struggling understanding the authentication flow using external IDP like facebook and google, when using REST APIs.
In my use case I have a resource server and I am using Keycloak to manage the authentication and authorisation mechanisms. Therefore, I have a mobile app (client) calling the server’s resources. On such app users must authenticate either using Keycloak IDP (with username and password) or using a social login like facebook and google. The former is working properly, while the latter is kind a mystery to me.
I do understand that the client mobile app must first obtain the
identity token from the IDP, but then I don’t know how to use such token to authenticate the user with keycloak and obtain the
Thank you for your help