Choosing an integration architecture
Integrations that are embedded into your technology stack are usually provided by a third-party library, framework, web container, or application server. In this style, your application talks directly with Keycloak and is responsible for making requests and processing OAuth2 and OpenID Connect responses. Applications using this style usually need to implement some code or provide some form of configuration to enable support for these protocols. Any setting you need to change will require you to redeploy your application:
On the other hand, in the proxied style, there is a layer of indirection where the integration is managed by a service running in front of your application, which, in turn, relies on HTTP headers to fetch tokens or...