I am evaluating using Keycloak as a broker for various Identity Providers. It seems to tick all the boxes of what we need.
Unfortunately, while trying to get a proof of concept working, it looks like Keycloak only supports OIDC identity providers - noticeably requiring an ‘openid’ scope to be sent along, something the non-OIDC application doesn’t understand.
The enforcement of the ‘openid’ scope seems to have been implemented to be compliant with the actual OIDC spec in https://issues.redhat.com/browse/KEYCLOAK-3237 which introduced my “problem”.
Additionally, I understood from some other Discourse posts that some of the shipped social identity providers are actually not OIDC either and have a standard OAuth 2.0 implementation as well, although the admin UI only allows for creating OIDC-based providers.
Is there any way to use ‘plain’ OAuth 2.0 identity providers with Keycloak? I couldn’t find extensions that add support for this either, and it won’t be feasible to write custom Keycloak extensions for every non-OIDC identity provider that will need to be added.
Any suggestions would be highly appreciated - Keycloak definitely looks like a great piece of software that will take away a lot of bootstrapping & security optimizations, if it can be (made to) work with plain old OAuth too.
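What the post says the shipped social providers do (plain OAuth 2.0 on top of Keycloak's broker SPI, no ‘openid’ scope) is shown below as an added example; it is not the poster's code nor part of Keycloak itself. It assumes the SPI class and method names used by the built-in GitHub provider (these shift slightly between Keycloak versions) and uses placeholder endpoints and JSON field names.

```java
// Added example: a plain OAuth 2.0 broker on Keycloak's AbstractOAuth2IdentityProvider,
// the base class the shipped social providers use. Assumed: SPI names as in the built-in
// GitHub provider (version-dependent); endpoints and JSON fields are placeholders.
import com.fasterxml.jackson.databind.JsonNode;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.models.KeycloakSession;

public class PlainOAuth2IdentityProvider
        extends AbstractOAuth2IdentityProvider<OAuth2IdentityProviderConfig> {

    // Placeholder endpoints of a hypothetical non-OIDC provider.
    private static final String AUTH_URL    = "https://idp.example/oauth/authorize";
    private static final String TOKEN_URL   = "https://idp.example/oauth/token";
    private static final String PROFILE_URL = "https://idp.example/api/me";

    public PlainOAuth2IdentityProvider(KeycloakSession session, OAuth2IdentityProviderConfig config) {
        super(session, config);
        config.setAuthorizationUrl(AUTH_URL);
        config.setTokenUrl(TOKEN_URL);
    }

    // The crux: only the scope this provider understands is requested; no "openid" is added.
    @Override
    protected String getDefaultScopes() {
        return "profile";
    }

    // Runs after the code-for-token exchange; the access token goes only to the profile endpoint.
    @Override
    protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
        try {
            JsonNode profile = SimpleHttp.doGet(PROFILE_URL, session)
                    .header("Authorization", "Bearer " + accessToken)
                    .asJson();
            // Key the federated link on the provider's stable "id", never on a mutable field like email.
            BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"));
            user.setUsername(getJsonProperty(profile, "login"));
            user.setEmail(getJsonProperty(profile, "email"));
            user.setIdpConfig(getConfig());
            user.setIdp(this);
            return user;
        } catch (Exception e) {
            throw new IdentityBrokerException("Could not obtain user profile from provider", e);
        }
    }
}
```

A matching IdentityProviderFactory plus a META-INF/services/org.keycloak.broker.provider.IdentityProviderFactory entry are still required to register it, after which the admin console lists it alongside the built-in social providers.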