Is it possible to get an authorization code from the Admin REST API?

Hi,
I’m a little confused about something.
We want to implement a proper OAuth flow on our website.
From all the guides I read, I should do something like this:

  1. In our frontend, send the username and password to the KC “token” endpoint and get an authorization code
  2. Pass this code to our backend server
  3. The backend sends this code + secret to KC to get a valid access token (and refresh token)
  4. The BE sends the access token back to the FE
  5. And from now on, for every request I want to send from the server, I use the access token I get from the FE

Is it possible to implement this flow using the Admin REST API?
Because I can’t see a way to do this.

The best I found is that I can use “auth/realms/myRealm/protocol/openid-connect/token” to get the access token directly (by using “grant_type=password”).

Note that we don’t want to use the KC login pages, but rather use our own.

Thanks

It is not recommended to use your “own” login pages. Much of the value Keycloak provides is an implementation that is properly built and does not introduce security holes/bugs.

1 Like

Yeah, I’m aware of the implications of using our own login pages,
but this is the requirement at the moment.

Then most of what you need should be in the documentation on using the token endpoint.

Also, I don’t know if you are aware, but there is a great, community-contributed library for building login themes in React: GitHub - InseeFrLab/keycloakify: 🔏 Create Keycloak themes using React

2 Likes
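
An added example, not posted by anyone in this thread: in the standard authorization code grant the code is issued by the authorization endpoint through a browser redirect, and only the backend exchanges it at the token endpoint quoted above. The sketch builds both requests and validates the callback without sending anything; the host names, client ID, redirect URI and the use of HTTP Basic client authentication are assumptions.

```python
import base64
import hmac
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for illustration; only the token path comes from the thread.
KC_BASE = "https://kc.example.test"
REALM = "myRealm"
CLIENT_ID = "web-backend"
REDIRECT_URI = "https://app.example.test/callback"
OIDC = f"{KC_BASE}/auth/realms/{REALM}/protocol/openid-connect"

def authorization_url(state):
    """Where the browser is sent; the code comes back on REDIRECT_URI."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "scope": "openid",
                       "state": state})
    return f"{OIDC}/auth?{query}"

def code_from_callback(callback_url, expected_state):
    """Pull the code out of the redirect; reject errors and foreign state."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]

def code_exchange_request(code, client_secret):
    """Backend-only step: the client secret never reaches the browser."""
    basic = base64.b64encode(f"{CLIENT_ID}:{client_secret}".encode()).decode()
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI}).encode()
    return urllib.request.Request(f"{OIDC}/token", data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})

if __name__ == "__main__":
    state = "constructed-state"  # in practice: secrets.token_urlsafe(), per session
    print(authorization_url(state))
    code = code_from_callback(f"{REDIRECT_URI}?state={state}&code=abc123", state)
    req = code_exchange_request(code, "constructed-secret")
    print(req.full_url, req.data.decode())
```

The returned `Request` can be passed to `urllib.request.urlopen` against a real realm; the JSON response carries the access and refresh tokens.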