Seems that keycloak supports reCaptacha in the registration form which is great but, i my view not enough. To decrease the expose surface, i would like to include Google reCaptcha in the Reset/Lost Password and Login forms.
Any advise or suggestions?
Halo, did you find the best practice??
You can implement a custom Authenticator and add it to your login flow. There has been discussion about this elsewhere (java - How to implement Recaptcha on keycloak login page - Stack Overflow) and I believe there are some implementations on GitHub.