for UX reasons we’re using implicit flow for our application “A”, i.e. we have a login mask in our application “A” which uses Keycloak API under the hood to obtain an access token for the user.
We have a second application “B” that relies on explicit flow, though, and we would like to have the user login only once in our application “A” in order to be logged-in into “B” as well.
When accessing app B, the user is redirected to the Keycloak authorization endpoint. I’d now hope that if our implicit flow sets the KC-specific cookie with auth token etc in the same way that KC does, then KC will immediately redirect back to the /auth endpoint of app B (supplying an authorization code, so login on app B is performed).
Is there perhaps any documentation on the Keycloak cookie containing the access code, so we can mimick it?
Or is there perhaps another conceivable way to achieve the same result (while keeping implicit flow for app A)?