Please let me describe the situation.
We have mobile app, backend which serves both as Rest api for mobile app and web application. Then we have keycloak which secures the backend.
The mobile app after getting access token from keycloak make a request with that access token as authorization header, open the browser to send to request to the backend. After verification of the access token inside request, Keycloak forward the request to backend which returns a web page that is display in the browser. From now, the mobile app don’t have control of the response as the user is directed into the broswer. The user after filling information, submit the form to the backend, but after verification of this second request by keycloak, the user is asked to logging by keycloak as that second request don’t contains neither access token as authorization nor keycloak cookie with hash of the access token inside. And is only after successfully logging that the second request is sent to the backend.
My question is that is there is a way to prevent Keycloak redirect user to login before processing the second request ?
We want that second request to secured by Keycloak but also prevent the user to logging after perform the first request in mobile app.
Please any help with be grateful.