I have a web app that I want to authenticate using Keycloak. After login, I need to check and show the content according to the user role. Can I use Keycloak OpenID API i.e. http://localhost:8080/auth/realms/{realm-name}/protocol/openid-connect/token for custom login authentication into the app and then check the user roles manually using Keycloak Admin API’s after getting the access token, or is there any other way using the default Keycloak login page?
I have searched a lot but haven’t got a proper answer for this.
You can map the user roles into the access/id token itself, then you won’t need to call an additional API. Take a look at the documentation here Server Administration Guide and post here if you have specific questions.
You want to use the OpenID Connect browser flow “authorization code flow”. There is no OIDC “API”.
Using the ROPC is deprecated: draft-ietf-oauth-security-topics-18
Don’t use custom login pages in your app, use Keycloak as your auth server!
If I use the Kyecloak auth server how will I get the User Role after logging into the system that was my question?
Because in the OpenID-Connect API I can get roles in the access tokens.
You get an access_token also from the auth code flow.
Do yourself a favor and read and understand the OIDC spec and flows more. Authentication is more than just calling an API.