We want to provide user self registration for our apps.
We want to choose between 2 options:
- user creation screen hosted in Keycloak
- user creation screen hosted in each app (web or mobile), calling Keycloak API to trigger account creation.
Is there a security risk in creating an account from the app calling the API? I particularly think about needing to transfer the password in clear (though HTTPS of course). I also think about enforcing password policy.
Thanks