Hello,
I need some advice on the feasibility of a requirement I have.
I have a frontend application and an API.
I would like to be able to enter information in my frontend and then, through my API, create the user in Keycloak using the Keycloak admin API.
I would then like my frontend to redirect the created user to a webauthn key registration page.
At the end of the webauthn key configuration (which ideally should be an optional step), I want my user to appear as logged in on my frontend.
Do you think this is possible? Is there a secure way to accomplish this journey? I thought about using an actionToken, but the problem is that at the end of my actionToken, I am not considered authenticated, despite my completed webauthn configuration.
I know that the “register” flow would solve my problem and is probably more secure, but due to some constraints, I would like to avoid going through Keycloak’s default “register” flow.
Thank you in advance for your help.