We have a scenario where out users login to a application that uses a confidential client. Once they are logged in providing username/password we have some custom applications that are run as extensions inside which require authenticating with keycloak via a public client. When the user is interacting with this extension (which is client side) the user is redirected to provide username/password and authenticate again with the public client. Is ti possible to somehow reuse the confidential client token since the user already authenticated and not show the login again scenario?
We are just trying to avoid the user logging in twice during this flow. Thanks