Is it ok to proxy the Keycloak APIs

Our website needs to have popup modals for login and register, and as far as I know Keycloak requires us to open a new tab for the user to get logged in, so the solution that came to my mind was to proxy the APIs to have our custom login - register scenario. Is it technically OK, or is there any better solution?

Opening pages (no matter which pages) in popups is a bad behavior of apps in general. For security relevant use cases especially!

That said, it’s possible to configure Keycloak to appear in frames and other ugly circumstances; you’ll have to configure it. It’s hidden in the docs, but it’s there. I won’t write it here, because it’s bad behavior in terms of security.

Also bad behavior is trying to proxy anything and thinking this would be a good idea. This is just a man-in-the-middle, which is to be avoided by all means.
If you want to have your custom login pages, then use Keycloak, don’t use an IdP in general.
You can style the Keycloak pages to your requirements!


I agree. Nowadays, using traditional modals for signing in brings to mind the nineties 🙂

The same goes for using iframes: you end up encountering issues due to browser cookie restrictions, and these restrictions keep changing after a while, making maintenance difficult.

My recommendation is to follow the standards. If the standard does not apply to your scenario, then don’t use it.
