Authenticating a user
The most common way to authenticate a user with Keycloak is through the OpenID Connect authorization code flow.
In summary, to authenticate a user with this flow, an application redirects to Keycloak, which displays a login page to authenticate the user. After the user has authenticated, the application receives an ID token, which contains information about the user.
In the following diagram, the authorization code flow is shown in more detail:
The steps from the diagram are explained in more detail as follows:
- The user clicks on a login button in the application.
- The application generates an authentication request.
- The authentication request is sent to the user in form of a 302 redirect, instructing the user-agent to redirect to the authorization endpoint provided by Keycloak.
- The user-agent opens the authorization endpoint with the query parameters specified by...