Force only one social login

If I want to authenticate a user on my client application with only one social login option (say Google for the sake of this question), is there a way to go directly to Google on the website instead of going to the Keycloak login page and going to Google from there? From a UX perspective it makes no sense to press login (client app) only to be redirected to a web page (Keycloak login page) where there is only one button that says “Login with google”. Ideally I’d want to have login with Google on my client app. Is this possible with Keycloak?

https://www.keycloak.org/docs/latest/server_admin/index.html#_authentication-flows

  • Identity Provider Redirector

This action is configured through the Actions > Config link. It redirects to another IdP for identity brokering.

Here you can configure a default redirector, which always redirects directly to Google or whatever you configured, without a click on the login button.

2 Likes

Here’s another problem tho. I have a bot application that needs to authenticate with Keycloak to access my API as well. Unlike the client application, where the end user logs in through social login, this bot application needs to authenticate programmatically when it runs. I was thinking of using a username and password to authenticate this bot application. With your solution it seems like I limit the entire realm to social login only (which the bot user cannot do). What can I do in this situation?

To elaborate further, consider the following elements: web app client (react.js), REST API (nest.js), Keycloak, IdP (Google), bot application (node.js).

For the client, the user authenticates by clicking a button which redirects the user to Google, where they need to authorize the app; then Google redirects back to the Keycloak URL, which redirects back to the client.
The REST API (nest.js) validates the token that comes from clients through Keycloak.
How will the bot application (node.js) authenticate with Keycloak to get a JWT token so it can send requests to the API?

For bot applications, it is recommended to use the client credentials grant, which is not redirected to upstream IdPs. I would create a special client just for using the client credentials grant.

1 Like
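A sketch of the client credentials grant suggested above, as the Node.js bot might implement it (an added example, not part of the original posts). It assumes a dedicated confidential client with service accounts enabled; the host, realm, client id and environment variable names are hypothetical.

```javascript
// Added example: client credentials grant for a Node.js bot (Node 18+ for global fetch).
// Host, realm, client id and env var names below are constructed placeholders.

function buildTokenRequest({ baseUrl, realm, clientId, clientSecret }) {
  // Keycloak's OIDC token endpoint (older releases prefix the path with /auth).
  const url = `${baseUrl.replace(/\/+$/, '')}/realms/${encodeURIComponent(realm)}` +
    '/protocol/openid-connect/token';
  // No username/password and no browser redirect: the client authenticates as itself.
  const body = new URLSearchParams({
    grant_type: 'client_credentials',
    client_id: clientId,
    client_secret: clientSecret,
  });
  return {
    url,
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}

// Refresh slightly before expiry so a token never expires in flight.
function needsRefresh(cached, nowMs, skewMs = 30000) {
  return !cached || nowMs >= cached.expiresAtMs - skewMs;
}

// Returns an async function that yields a valid access token, reusing it until it nears expiry.
function createTokenSource(config, fetchImpl = globalThis.fetch, now = Date.now) {
  let cached = null;
  return async function getAccessToken() {
    if (!needsRefresh(cached, now())) return cached.accessToken;
    const { url, options } = buildTokenRequest(config);
    const res = await fetchImpl(url, options);
    if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
    const json = await res.json();
    cached = { accessToken: json.access_token, expiresAtMs: now() + json.expires_in * 1000 };
    return cached.accessToken;
  };
}

// Usage in the bot (secret comes from the environment, never from source control):
// const getToken = createTokenSource({ baseUrl: process.env.KEYCLOAK_URL, realm: 'myrealm',
//   clientId: 'bot-client', clientSecret: process.env.BOT_CLIENT_SECRET });
// await fetch(apiUrl, { headers: { Authorization: `Bearer ${await getToken()}` } });
```

Because the bot authenticates with its own client, the browser flow's Identity Provider Redirector does not affect it, and the bot client can be given only the roles the API requires.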

Sounds great. I’ll check that out. Thank you for help.