Login Keycloak backend

Friends, is it possible to log in to Keycloak without going through the front of Keycloak itself?
How can I configure NodeJS with Typescript to allow login without going through the Keycloak front?

This is not really what Keycloak is intended for. There is the method of direct grant, which can use the password grant type to get a token, e.g.:

curl -i --request POST http://localhost:8080/auth/realms/master/protocol/openid-connect/token --header "Accept: application/json" --header "Content-Type: application/x-www-form-urlencoded" --data "grant_type=password&username=admin&password=admin&client_id=admin-cli"

but this is not the recommended mechanism of using Keycloak to secure a webapp. Can you tell us more about your use case, and why you don’t want to use the Keycloak login frontend? Maybe there is another solution to your requirement.

Do you mean to say, you want users to log in, without leaving your application and being redirected to Keycloak? Or do you mean you want to replace the login page with your own?

Thanks for the answer.
Keycloak is integrated with LDAP, my interest is in enabling the following flow:

User accesses my login screen (Front), enters credentials… This information will be forwarded to the backend and the backend will perform the validation of credentials in Keycloak…, if valid, the backend receives this token and returns it to the Front.
Is this flow correct?

Could you suggest the best way to use Keycloak to make the most of the available resources?


Hello! The intention is to allow login on my screen anyway.
Using this way, will I be harming my application in any way?
What would be the best practices for this case?
What are the benefits of using the Keycloak screen to log in?


You can do this with the “Resource Owner Password grant” but it is not recommended.

The purpose of SAML/OpenID Connect protocols is to separate the service that performs the authentication from the service that requires an authenticated user. So, you would have your web site, www.site.com, which has a login page that redirects you to keycloak.site.com, and the user enters their password there, and is redirected with a token back to www.site.com. That way, your application at www.site.com never has to handle the user’s password at all.

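The redirect flow described in the reply above, seen from a Node/TypeScript backend, as an added example (not code from this thread or from the Keycloak project). It uses the standard OpenID Connect authorization code flow with PKCE; the realm name, client id and callback path are assumed placeholders.

```typescript
import { createHash, randomBytes } from "crypto";

// Assumed placeholders: realm "myrealm", client "my-web-app", callback path.
const REALM_URL = "https://keycloak.site.com/auth/realms/myrealm";
const CLIENT_ID = "my-web-app";
const REDIRECT_URI = "https://www.site.com/callback";

interface PendingLogin { state: string; codeVerifier: string }

// PKCE S256 challenge (RFC 7636): BASE64URL(SHA-256(code_verifier)).
function pkceChallenge(verifier: string): string {
  return createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Step 1: create per-login secrets, keep them in the server-side session,
// and redirect the browser to the returned URL. No password is involved.
function beginLogin(): { url: string; pending: PendingLogin } {
  const pending: PendingLogin = {
    state: randomBytes(16).toString("base64url"),
    codeVerifier: randomBytes(32).toString("base64url"),
  };
  const query = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope: "openid",
    state: pending.state,
    code_challenge: pkceChallenge(pending.codeVerifier),
    code_challenge_method: "S256",
  });
  return { url: `${REALM_URL}/protocol/openid-connect/auth?${query}`, pending };
}

// Step 2: on the callback, reject unless state matches this session, then
// build the form body to POST to `${REALM_URL}/protocol/openid-connect/token`.
function buildTokenRequest(callbackUrl: string, pending: PendingLogin): URLSearchParams {
  const params = new URL(callbackUrl).searchParams;
  const code = params.get("code");
  if (!code || params.get("state") !== pending.state) {
    throw new Error("callback rejected: missing code or state mismatch");
  }
  return new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: REDIRECT_URI,
    client_id: CLIENT_ID,
    code_verifier: pending.codeVerifier,
  });
}
```

The token request body is built for a public client; a confidential client also authenticates to the token endpoint with its client secret.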

Could you explain more about the advantages of having this separation?
Using the Keycloak template to log in would be the best option as I understand it. Is that correct?

Yes, this is the recommended and most secure way. And if you’d like to style it to look like your site you can create your own custom theme:
And there’s a new, great way to write custom login themes in React:

Also, if you choose to write your own theme from scratch (not using Keycloakify above), I have a theme template that will help you start: GitHub - xgp/keycloak-theme-template: Starter for building a Keycloak theme