I have an existing SPA and I’m interested in using Keycloak for its ability to be a OIDC Provider and its ability to deliver MFA. I want to migrate my existing application over to Keycloak but I can’t seem to find an API that would allow my application to log users in / manage users without using the admin REST API, which I understand is not designed for public consumption. The reason for this is we already have our UI for user management and we don’t really want to reinvent the wheel, so our idea was to point our UI to our Keycloak endpoints instead of our own.
Is there a public API for Keycloak available? If not, are there any other alternatives (either a different software or roll out a theme that spits out JSON)? I’ve also thought of the admin API relay application approach but there seems to be no API for me to fetch somebody’s OTP QR Code image.
hi - i think you’re asking whether you can use your ui against the keycloak admin api? i don’t see why not - all you need is a client and/or user with suitable admin access to the realm.
then just pass the user's access token to the admin api.
with regards to the OTP QR code - have you used the developer tools to check out what keycloak is doing under the hood?
Is the admin API safe to be exposed to the public, or would I need a relay service with a service account to make the change on the user’s behalf?
Ideally I’m looking for APIs that I can just point the public to.
that’s not an easy question to answer without knowing more about your use cases and business requirements.
technically the admin api is secured the same as your secure app endpoints might be and either way keycloak will be receiving some public traffic.
exposing directly to the internet is more about how risk averse you are.
when you say ‘public’ do you mean anonymous? or public facing authenticated users?
Both - anonymous users would use the API to sign up, and authenticated users would use the API to manage their settings.
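The relay approach discussed in this thread, as an added example that is not code from the original posts or from the Keycloak project: a minimal self-service relay that holds the service-account credentials server-side, so the SPA never receives an admin token, and that only lets a caller edit a whitelisted set of fields on their own user record. The realm name `demo`, the client id `selfservice-relay`, the secret and the base URL are placeholders; the `/realms/{realm}/protocol/openid-connect/token` and `/admin/realms/{realm}/users/{id}` paths are the real Keycloak endpoints. HTTP is passed in as a callable so the module runs offline against a constructed stand-in for Keycloak.

```python
"""Self-service relay in front of the Keycloak admin REST API (added example).

The relay is the only holder of the service-account secret. Callers arrive with
their own (already verified) user access token; the relay maps that identity
onto a narrowly scoped admin call instead of proxying the admin API as-is.
"""
import json
from urllib.parse import urlencode

KEYCLOAK = "https://keycloak.example.invalid"  # placeholder base URL
REALM = "demo"                                 # placeholder realm
CLIENT_ID = "selfservice-relay"                # placeholder confidential client
CLIENT_SECRET = "<service-account-secret>"     # placeholder; lives only on the relay

# Fields a user may change about themselves. Privileged fields such as
# 'enabled', 'requiredActions', 'realmRoles' or 'credentials' are deliberately absent.
SELF_SERVICE_FIELDS = frozenset({"firstName", "lastName", "email"})


def service_account_token(transport):
    """Obtain the relay's own token via the client_credentials grant."""
    status, body = transport(
        "POST",
        f"{KEYCLOAK}/realms/{REALM}/protocol/openid-connect/token",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        body=urlencode({"grant_type": "client_credentials",
                        "client_id": CLIENT_ID,
                        "client_secret": CLIENT_SECRET}),
    )
    if status != 200:
        raise RuntimeError(f"token endpoint returned HTTP {status}")
    return json.loads(body)["access_token"]


def update_own_profile(caller_claims, target_user_id, changes, transport):
    """Apply `changes` to the caller's own Keycloak user through the admin API.

    caller_claims: claims of the SPA user's access token, assumed to have been
    signature-, issuer- and audience-verified by the web framework already.
    Returns the HTTP status of the admin call (Keycloak answers 204 on success).
    """
    # 1. The token subject must match the record being edited.
    if caller_claims.get("sub") != target_user_id:
        raise PermissionError("callers may only modify their own user record")
    # 2. Reject privileged fields outright rather than silently dropping them.
    disallowed = set(changes) - SELF_SERVICE_FIELDS
    if disallowed:
        raise PermissionError(f"fields not allowed via self-service: {sorted(disallowed)}")
    # 3. Only now use the relay's service-account token for the admin call.
    token = service_account_token(transport)
    status, _ = transport(
        "PUT",
        f"{KEYCLOAK}/admin/realms/{REALM}/users/{target_user_id}",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        body=json.dumps(changes),
    )
    return status


class FakeKeycloak:
    """Constructed stand-in for a Keycloak server: records every request and
    answers the way the real endpoints would for the two calls above."""

    def __init__(self):
        self.requests = []

    def __call__(self, method, url, headers, body):
        self.requests.append((method, url, headers, body))
        if url.endswith("/protocol/openid-connect/token"):
            return 200, json.dumps({"access_token": "svc-token-constructed"})
        if "/admin/realms/" in url and headers.get("Authorization") == "Bearer svc-token-constructed":
            return 204, ""
        return 401, ""


if __name__ == "__main__":
    kc = FakeKeycloak()
    claims = {"sub": "user-a-constructed"}  # constructed subject claim
    print(update_own_profile(claims, "user-a-constructed", {"firstName": "Ada"}, kc))
```

The point of the two checks before the admin call is that exposing the relay, rather than the admin API itself, is what makes the "public" endpoint safe: the admin token never leaves the server, and the blast radius of a compromised user token is limited to that user's own non-privileged fields. Anonymous sign-up would be a separate, rate-limited relay route that only ever calls the user-creation endpoint.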