User Registration and Login from Native Flutter screens

I have a mobile app built with Flutter for both Android and iOS which currently uses the standard OAuth2 registration flow and authorisation code grant flow for login by redirecting users to a browser webview for the Keycloak UI screens.
The mobile app team now wants to use native Flutter screens for user registration and login.

Are there ways to expose a REST API from Keycloak other than the Keycloak Admin API (exposing this API is not an option) for user registration and login (other than the Password/Direct Grant flow)?

Without enabling the Admin API and Direct Grant flow, is there any way to expose a REST API for my mobile app for these 2 flows? Maybe a custom Resource Provider endpoint for user registration and login? Please advise.

I understand that we are butchering the standard OIDC OAuth2 flow, but this is our requirement and I am tasked to solution this.

Any help would be helpful.

Short answer: No.

The only valid (but not recommended) option would be the direct grant flow.

The main idea behind OIDC authentication is that the app never even gets to see the user credentials, so what you want to do would actually circumvent this.

1 Like

Strictly speaking, not even embedded web views should be used, but always the operating system’s standard browser. Nothing else.

2 Likes
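
Added example, not part of the thread and not Keycloak's own code: the client side of the browser-based authorization code flow the replies above recommend, showing that the app only ever handles a `state`, an authorization code and a code verifier, never the password. It adds PKCE (RFC 7636), which the thread does not mention; the host, realm, client ID and redirect URI are placeholders, and Python is used only to keep the sketch runnable outside Flutter.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder values assumed for this example (not from the thread).
AUTH_ENDPOINT = "https://keycloak.example.test/realms/REALM_PLACEHOLDER/protocol/openid-connect/auth"
CLIENT_ID = "mobile-app-placeholder"
REDIRECT_URI = "com.example.app:/oauth2redirect"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def start_login():
    """Build the URL to open in the system browser, plus per-login secrets."""
    verifier = _b64url(secrets.token_bytes(32))  # PKCE code_verifier, 43 chars
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    state = _b64url(secrets.token_bytes(16))  # binds the redirect to this attempt
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{AUTH_ENDPOINT}?{query}", {"state": state, "code_verifier": verifier}


def handle_redirect(callback_url: str, session: dict) -> dict:
    """Validate the redirect; return the form fields for the token request."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0].encode()
    if not secrets.compare_digest(returned, session["state"].encode()):
        raise ValueError("state mismatch: redirect is not for this login")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in redirect")
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": session["code_verifier"],
    }
```

The returned form fields are what the app would POST to the realm's token endpoint; the login page itself, and the credentials typed into it, stay in the browser.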

@bpedersen2 Thanks for your response. Do you know if we can implement Email OTP for the direct grant flow?

@mbonn Thanks for your response, I will recommend the mobile team to use the OS’s default browser.