By “custom work” do you mean some client tool that uses CLI to do the curl calls, but actually does some work on its end?
I’m looking at this flow Brokering Overview | keycloak-documentation (gitbooks.io)
I guess that to implement that, one would have to
- curl the initial request
- in the simplest case there’s a default provider configured so the result would actually be a redirection 302, the client tool would then have to follow the 302, by another curl call.
- This is where I guess it breaks down because that leads to an id provider web page, the client tool would have to probably parse it for some token and answer a form by hand, basically the client tool is redeveloping a small part of browser (and it may even be impossible if there’s a captcha)
- if successful, the client tool would receive yet another 302 back to keycloak, where it would arrive authenticated.
Is that correct?
Which would mean that implementing all that is nearly impossible, mainly because of the external id provider, the best Keycloak can do is provide some neat redirections, but there’s no controlling what the id provider might return.
And I guess what postman does is manage the redirections and open the id provider’s web page in a browser.