Here is the use case:
A third-party application uses OAuth2 to authenticate users with their own IdP, and this application needs to consume our REST API with our JWT.
Current Solution:
- Once the user is authenticated in their app with their IdP, they need to start the OAuth flow with our IdP, i.e. Keycloak.
- Our IdP will redirect to their IdP; since the user is already authenticated, it will return an auth code, our IdP will obtain their access token, and after verification our IdP will issue our JWT.
- Their application will now access our REST API with our JWT.
Alternate Solution:
- They call token exchange API of our idp with their JWT to get our JWT in return.
- They access our REST APIs with our JWT.
The second one is quite a bit simpler, but the issue is that Keycloak provides the token exchange feature only in technology preview mode.
Any idea when this will be available in GA?
Regards,
Navin
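As an added illustration of the alternate solution above (not code from the original post), the block below builds the RFC 8693 token-exchange request a relying party would POST to Keycloak's `/realms/<realm>/protocol/openid-connect/token` endpoint, and checks the signature and core claims of the JWT that comes back before it is used against the REST API. The client id, issuer URLs and audience are constructed placeholders; the signature check uses HS256 with a shared demo key so it runs offline, whereas a real Keycloak realm signs with RS256 and the verifier would fetch the realm's JWKS instead.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode

# Keycloak's token-exchange grant and the token-type URNs it accepts (RFC 8693).
TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
JWT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:jwt"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"

def build_exchange_request(client_id, client_secret, their_jwt, their_issuer, audience):
    """Form body for the POST to .../protocol/openid-connect/token.
    The client must have token-exchange permission granted in Keycloak."""
    return urlencode({
        "grant_type": TOKEN_EXCHANGE_GRANT,
        "client_id": client_id,
        "client_secret": client_secret,
        "subject_token": their_jwt,            # the external IdP's JWT
        "subject_issuer": their_issuer,        # identity-provider alias/issuer in our realm
        "subject_token_type": JWT_TOKEN_TYPE,
        "requested_token_type": ACCESS_TOKEN_TYPE,
        "audience": audience,                  # client the returned token is meant for
    })

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def verify_exchanged_token(token, key, expected_iss, expected_aud, now=None):
    """Verify signature (HS256 demo key; Keycloak uses RS256 + JWKS) and the claims
    the REST API relies on: issuer, audience, expiry. Returns (ok, claims_or_reason)."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":          # never accept 'none' or an unexpected alg
        return False, "unexpected alg"
    expected_sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != expected_iss:
        return False, "wrong issuer"
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        return False, "wrong audience"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    return True, claims

def mint_sample_token(key, claims):
    """Constructed fixture only: mints an HS256 JWT standing in for Keycloak's response."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    h = enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    p = enc(json.dumps(claims).encode())
    sig = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{enc(sig)}"
```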