Silent OIDC by providing access tokens


Sharon Chan

Aug 12, 2022, 5:07:32 AM
to Keycloak User

Hello,

I am using Keycloak to broker Microsoft as the IdP to log in to my service. I already set up a working OIDC flow as follows: a login to my web app is redirected by keycloak-js-adapter to Microsoft's login page; when the user inputs Microsoft account credentials, Keycloak completes the OIDC process and redirects to my service.

Now my service is wrapped inside a Microsoft Teams tab application. From Microsoft Teams I want to use the Microsoft Authentication Library (MSAL): https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-acquire-cache-tokens
This will silently get the Microsoft login session being used to log in to the Teams app itself, and return the ID token, access token, and refresh tokens.

However, I still need Keycloak to handle logging in to my service. The keycloak-js-adapter redirects to the Microsoft login page, which does not take the tokens.

My question is, how do I integrate these two flows? Is it possible to provide the OIDC tokens to Keycloak, so that Keycloak does not require the user to log in to Microsoft again?

Appreciate any hints. Thanks a lot.
