Urgent help required to unblock Keycloak authentication for machine-to-machine logins

Hello All,

I am quite new to using Keycloak and have ended up with a puzzle. I want to know how I can do machine-to-machine logins without the browser flow in Keycloak. I have been searching all over the internet for the past 20 days but still have no clue how to configure machine-to-machine login in Keycloak without browser flows.

When I use the Keycloak direct flow, my request dies at the IDP; the IDP is unable to redirect back.

Setup

Broker A
- I created a client as OpenID Connect (redirect URL to TEST API)
- Created an IDP provider, and it uses the client as OpenID Connect (which is created in IDP B)

IDP B
- Created a client as OpenID Connect
- This client has a user

TEST API
- I had set up the OpenID Connect auth flow using .NET
- Known configurations for Broker A

I followed blogs from the internet; below is the one I used.

Problem -

How do I authenticate TEST API using the broker's → client ID and secret, without logging in to the IDP, as the IDP is already set up as identity provider and has the client ID and secret in the broker?

I have 2 instances of Keycloak (A as broker, B as IDP) and a REST API which I want to authenticate.

I want this flow :-

Test API → Broker A → IDP B → Test API , without browser

Please suggest and share an example which can help. Please feel free to reach out to me if you have more questions or are trying to understand more.

Disclaimer: I haven't read the question (just the subject). Machine to Machine (M2M) Authorization → OAuth 2.0 Client credentials flow [1]

[1] RFC 6749 - The OAuth 2.0 Authorization Framework

Hi,

Thanks for sharing, could you help or share any resource to solve this problem?

First, in order to achieve the client_credentials flow (not browser), you have to enable this in your client:

Then, as I understood, you want to reach the API without entering any form data? So, Broker A will authenticate the user by the client_credentials flow from IDP B?

request → broker A flow → redirect to IDP → get the token by client secret & id → return API data?

Try to enable this in your broker A client.
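The client credentials request referred to in the replies above, as an added example that is not part of the original thread: it goes straight to the token endpoint as a form POST, with no redirect and no browser. The host `broker-a.example.test`, realm `demo`, client `test-api`, and the sample responses are constructed placeholders; the sketch assumes a confidential client with service accounts enabled, and on older Keycloak versions the base URL ends in `/auth`.

```python
import json
import urllib.parse
import urllib.request

LOCAL_HOSTS = ("localhost", "127.0.0.1")


def build_token_request(base_url, realm, client_id, client_secret):
    """Build the RFC 6749 section 4.4 request for a Keycloak realm's token endpoint."""
    parts = urllib.parse.urlsplit(base_url)
    # The client secret travels in the request body, so refuse plain HTTP off-box.
    if parts.scheme != "https" and parts.hostname not in LOCAL_HOSTS:
        raise ValueError("client secret must only be sent over TLS")
    url = "{}/realms/{}/protocol/openid-connect/token".format(
        base_url.rstrip("/"), urllib.parse.quote(realm, safe=""))
    # Form-encode every value; a secret containing '&' or '=' would otherwise
    # split into extra parameters.
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(status, raw):
    """Return (access_token, expires_in) or raise on an RFC 6749 section 5.2 error."""
    payload = json.loads(raw)
    if status != 200 or "error" in payload:
        raise PermissionError("{}: {}".format(
            payload.get("error"), payload.get("error_description", "")))
    if payload.get("token_type", "").lower() != "bearer" or not payload.get("access_token"):
        raise ValueError("unexpected token response")
    return payload["access_token"], int(payload.get("expires_in", 0))


if __name__ == "__main__":
    # Constructed values; read the real secret from a secret store, not source code.
    req = build_token_request("https://broker-a.example.test", "demo", "test-api", "s3cr3t&x")
    print(req.get_method(), req.full_url)
    # To send it: urllib.request.urlopen(req, timeout=10), then pass status and body below.
    sample = '{"access_token": "constructed.token.value", "token_type": "Bearer", "expires_in": 300}'
    token, ttl = parse_token_response(200, sample)
    print("Authorization: Bearer <{} chars>, valid for {}s".format(len(token), ttl))
```

The API then validates the bearer token against the keys of the realm that issued it; the token represents the client's service account, not a user.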

Hi,

Thank you for your reply. Yes, I had tried the client_credentials flow. I am following the same setup as shown in the screenshot you shared.

So I am trying to achieve the following flow:

Request from API → Broker A flow → IDP B → Get the Token → return API (API Authenticated)
(Client ID and secret of Broker)

Question: How do I make the redirect to the IDP in the case of the client credentials flow? I know it's possible in the standard flow or implicit flow.

I have tried all authentication flows, but no luck so far in achieving this.

Broker client, ID and secret used for API Request.

IDP Client setup which is connected to broker as IDP.