Logging in a user from an external system

cpx-graeme · July 15, 2021, 4:51am

A customer has come to us with a flow that does not fit into the usual mould, and I’m not sure how to securely achieve the desired result.

Users browser requests access to our system (outside our control).
Customers API posts XML to our API server (can be trusted).
Our API server creates a new user in keycloak (no issue here)
Our API needs to return XML with a url to redirect the user to (no issue here).
Users browser is redirected to the url. (outside my control)

At this point I need the user to be logged into our angular frontend, without displaying the keycloak login page.

I’m a little bit stumped on how to approach this, any advise on how to achieve this would be appreciated.

xgp · July 15, 2021, 7:31am

The best way I can think of would be to use the Action Token SPI to create and return a url to the user that will automatically log the user in and redirect them to the right place within the application. This will redirect to keycloak to check the action token, and then redirect back to whatever url you specify. Assuming the action token is valid, the user will not be prompted to login.

Topic		Replies	Views
How to generate a direct login url Getting advice	2	1427	July 30, 2021
Logging a user in directly from an ActionToken Extending the server authentication	8	5971	July 19, 2022
Post-login redirect Getting advice	0	3181	April 20, 2021
Is there a way to do a custom redirect from Keycloak? Getting advice	3	2505	October 5, 2022
Callback on user registration/login? Getting advice	6	4482	April 16, 2023

Logging in a user from an external system

Related Topics