Hi all!
I am discussing the OAuth2+OIDC implementation architecture in a project using Keycloak.
Well, OAuth2+OIDC was widely defended by the architects and SI guys for a lot of features and integrations, mainly Keycloak integrations.
The question is: until now, we have had only one Identity Provider for user credentials. Even so, is OAuth2 the best solution for us?
One of the strong arguments is that we could use the Keycloak features for login, 2FA and other standardized features. Are these login flows only possible with OAuth2? Is there another pattern to use these features without OAuth2?
IMHO we need 2 flows, one for OAuth and another to connect to your IdP. Is this right? Is there a pattern for the second flow?
Sorry, but my doubt is when I have only a single security context. So I don't need, at least at this moment, to allow another federation to validate my credentials and consequently change my security context.