
I have created an identity provider, and from the browser it's working fine.

Reference: Keycloak Identity provider post-broker-login throwing error

From the browser I can log in with the external IDP, and if the external IDP user is not present in Keycloak it gets created in Keycloak, which is absolutely fine, and it redirects to the dashboard.

But my question is: how can we do this flow with the Keycloak REST API?

Is there any API to log in with the external IDP that returns the token of the external IDP as well as the token of Keycloak?


1 Answer


For the typical user authentication use case, ideally the user would simply get redirected to the Keycloak login page of your realm, would click on the external IDP, and proceed with the authentication process.

But my question is: how can we do this flow with the Keycloak REST API?

Via the Keycloak REST API I do not think you can perform this exact flow, at least not out of the box.

Is there any API to log in with the external IDP that returns the token of the external IDP as well as the token of Keycloak?

You can use Keycloak's Direct Access Grant flow (aka Resource Owner Password Credentials Grant in terms of the OAuth2 specification) to exchange the user's credentials for a token from the external IDP. Afterwards, you can perform an external-to-internal token exchange of the token from the external IDP for a token from your internal Keycloak realm.

Bear in mind, however, that some might consider this approach as not being good practice; read more about it in this Stack Overflow thread.

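The two-step flow the answer describes, as an added example that is not code from the question or the answer: a Direct Access Grant against the external IDP, then Keycloak's external-to-internal token exchange at the realm's token endpoint. The external IDP's token URL, the client IDs and secrets, the IDP alias and the Quarkus-style `/realms/...` path are assumptions, and the HTTP transport is injectable so the request shapes can be checked without a server.

```python
import json
import urllib.parse
import urllib.request

TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"


def post_form(url, fields):
    """Default transport: form-encoded POST, JSON response (real network call)."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def keycloak_token_url(base_url, realm):
    # Assumed Quarkus-based Keycloak path; older WildFly builds prefix it with /auth.
    return f"{base_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/token"


def direct_access_grant(token_url, client_id, client_secret, username, password, post=post_form):
    """Step 1: ROPC / Direct Access Grant against the external IDP's token endpoint.
    The user's password passes through this code, which is the practice the answer warns about."""
    fields = {"grant_type": "password", "client_id": client_id, "client_secret": client_secret,
              "username": username, "password": password, "scope": "openid"}
    return post(token_url, fields)


def external_to_internal_exchange(kc_base_url, realm, client_id, client_secret, idp_alias,
                                  external_token, post=post_form):
    """Step 2: exchange the external IDP token for a token of the internal realm.
    subject_issuer is the IDP alias configured in the realm; Keycloak links or creates the user."""
    fields = {"grant_type": TOKEN_EXCHANGE_GRANT, "client_id": client_id, "client_secret": client_secret,
              "subject_token": external_token, "subject_token_type": ACCESS_TOKEN_TYPE,
              "subject_issuer": idp_alias}
    return post(keycloak_token_url(kc_base_url, realm), fields)


def login_via_external_idp(ext_token_url, ext_client_id, ext_client_secret, username, password,
                           kc_base_url, realm, kc_client_id, kc_client_secret, idp_alias, post=post_form):
    """Run both steps and return both tokens, which is what the question asks for."""
    external = direct_access_grant(ext_token_url, ext_client_id, ext_client_secret, username, password, post)
    if "access_token" not in external:
        raise RuntimeError(f"external IDP login failed: {external}")
    internal = external_to_internal_exchange(kc_base_url, realm, kc_client_id, kc_client_secret,
                                             idp_alias, external["access_token"], post)
    if "access_token" not in internal:
        raise RuntimeError(f"token exchange refused: {internal}")
    return {"external": external, "keycloak": internal}
```

Keycloak only honours the second call when its token-exchange feature is enabled and the requesting client has been granted exchange permission on that identity provider; otherwise the server answers with an error body and `urlopen` raises `HTTPError`.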