Professional Documents
Culture Documents
First Broker Login flow is used during first login with some identity provider. Term First
Loginmeans that there is not yet existing Keycloak account linked with the particular
authenticated identity provider account. For more details about this flow see the Identity
Brokering chapter in Server Administration Guide .
Authentication of clients
Keycloak actually supports pluggable authentication for OpenID Connect client applications.
Authentication of client (application) is used under the hood by the Keycloak adapter during
sending any backchannel requests to the Keycloak server (like the request for exchange code to
access token after successful authentication or request to refresh token). But the client
authentication can be also used directly by you during Direct Access
grants (represented by OAuth2 Resource Owner Password Credentials Flow)
or during Service account authentication (represented by OAuth2 Client
Credentials Flow).
For more details about Keycloak adapter and OAuth2 flows see Securing Applications and
Services Guide.
Default implementations
Actually Keycloak has 2 default implementations of client authentication: