Using OAuth2 with only 1 IDP

Hi all!
I am discussing the OAuth2+OIDC implementation architecture in a project using Keycloak.

Well, OAuth2+OIDC was widely defended by the architects and SI guys, for a lot of features and integrations, mainly Keycloak integrations.
The question is: we, until now, have only one Identity Provider for user credentials. Even so, is OAuth2 the best solution for us?

One of the strong arguments is that we could use the Keycloak features for login, 2FA and other standardized features. Are these login flows only possible with OAuth2? Is there another pattern to use these features without OAuth2?

IMHO we need 2 flows, one for OAuth and another to connect to your IdP. Is this right? Is there a pattern for the second flow?

Thank you.
Paulo Gervasio.

Contemporary browser-based applications use OpenID Connect (OIDC) for Authentication and OAuth 2.0 for Authorization.

The recommended OIDC flow is Authorization Code Flow with PKCE.

You can create a User Federation to your IdP.

Some additional resources:

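As an added illustration of the flow recommended in the answer above (this is example code written for this thread, not code from any post or from Keycloak itself), here is the client side of the OIDC Authorization Code Flow with PKCE, plus the check the authorization server performs at the token endpoint. The realm URL, client id and redirect URI are hypothetical placeholders; the `/protocol/openid-connect/auth` and `/token` paths are Keycloak's standard endpoint paths under a realm. Only the standard library is used, and no network call is made, so it runs offline.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical Keycloak realm and client; replace with your own values.
ISSUER = "https://keycloak.example.com/realms/myrealm"
CLIENT_ID = "my-spa"
REDIRECT_URI = "https://app.example.com/callback"


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """High-entropy verifier; 32 random bytes give 43 unreserved chars (RFC 7636 s.4.1)."""
    return b64url(secrets.token_bytes(nbytes))


def code_challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(verifier: str, state: str, nonce: str) -> str:
    """Step 1: the browser is sent here; only the challenge leaves the client."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",       # 'openid' makes this an OIDC request
        "state": state,                  # CSRF protection for the redirect
        "nonce": nonce,                  # bound into the ID token, replay protection
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }
    return f"{ISSUER}/protocol/openid-connect/auth?{urlencode(params)}"


def check_callback(callback_url: str, expected_state: str) -> str:
    """Step 2: the IdP redirects back; reject the response if state does not match."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or mixed-up response")
    return query["code"][0]


def build_token_request(code: str, verifier: str) -> dict:
    """Step 3: form body POSTed to {ISSUER}/protocol/openid-connect/token."""
    return {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code": code,
        "code_verifier": verifier,       # the secret is revealed only now, over TLS
    }


def server_verifies_pkce(stored_challenge: str, stored_method: str,
                         presented_verifier: str) -> bool:
    """What the authorization server does at the token endpoint (RFC 7636 s.4.6).

    A stolen authorization code is useless without the verifier that only the
    original client holds, so an intercepted code cannot be exchanged.
    """
    if stored_method != "S256":
        return False
    return secrets.compare_digest(stored_challenge,
                                  code_challenge_s256(presented_verifier))


if __name__ == "__main__":
    verifier = make_code_verifier()
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    print("1. redirect browser to:", build_authorization_url(verifier, state, nonce))
    # Constructed callback, standing in for what Keycloak would redirect to.
    fake_callback = f"{REDIRECT_URI}?code=CONSTRUCTED_CODE&state={state}"
    code = check_callback(fake_callback, state)
    print("2. token request body:", build_token_request(code, verifier))
    print("3. server-side PKCE check:",
          server_verifies_pkce(code_challenge_s256(verifier), "S256", verifier))
```

What this does not show is the step after the token response: the client must validate the ID token (signature against the realm's JWKS, `iss`, `aud`, `exp`, and that `nonce` equals the one sent) before treating the user as authenticated. Note also that none of this depends on having more than one IdP: with a single Keycloak realm the same flow is what lets the application reuse Keycloak's login page, 2FA and session handling instead of reimplementing them.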
Hi Robinyo.

Thanks for the answer.

Sorry, but my doubt is when I have only one security context. So I don't need, at least at this moment, to allow another federation to validate my credentials and consequently change my security context.

Even so, is OAuth the choice?
The OAuth RFC says:

The OAuth 2.0 authorization framework enables a third-party
application to obtain limited access to an HTTP service…
https://tools.ietf.org/html/rfc6749

In my case there's no third-party application. So what's the right pattern for my case?

Thanks.