Reputation: 1166
I'm currently developing a Flutter application with Keycloak as the authentication server, using the Open_id Flutter package.
I have implemented email & password sign-in using the Keycloak REST API for username & password sign-in.
I need to add Google sign-in to my app, but it opens a custom webview for Google sign-in.
Google sign-in flow: the Flutter app triggers the Open id authenticator with the Keycloak credentials
--> opens custom webview
--> Keycloak sign-in page
--> redirects to Google account sign-in
--> Keycloak verification page
--> closes the webview and returns the Keycloak token (contains user info).
And sometimes the custom webview tab doesn't close automatically.
I have used google_sign_in to generate an idToken and accessToken, and in the backend used the Google REST API ('https://www.googleapis.com/oauth2/v2/tokeninfo?id_token=') to get user info.
Is there any REST API for Keycloak sign-in using a Google idToken/accessToken,
or any other way of authenticating with Keycloak using a custom token, so I can set the Google API as the verification URL for authenticating?
Upvotes: 4
Views: 1513
Reputation: 159
To update on this question for anyone who comes after: recently there is a feature in Keycloak that allows you to authenticate with the Google token on the Keycloak API. It's called Token Exchange.
This is currently a preview feature, so it needs to be enabled by passing some feature flags: --features=token-exchange,admin-fine-grained-authz
You can read more about it in this issue on GitHub, where everything is explained in more detail.
Then just enable token exchange on Keycloak and send the token to the Keycloak endpoint /realms/{realm-name}/protocol/openid-connect/token
Upvotes: 1
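The request described in the answer above, sketched as an added example (not code from the original answer or from the Keycloak project): a backend builds the token-exchange POST for the `/realms/{realm-name}/protocol/openid-connect/token` endpoint and checks the reply. The host, realm, client name, the `google` identity-provider alias and the use of a confidential client with a secret are assumptions; the form fields are the OAuth 2.0 Token Exchange parameters plus Keycloak's `subject_issuer`.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"


def build_exchange_request(base_url, realm, client_id, client_secret,
                           google_access_token, idp_alias="google"):
    """Return (url, body) for exchanging a Google token for Keycloak tokens."""
    if urllib.parse.urlparse(base_url).scheme != "https":
        raise ValueError("refusing to send tokens and client secret over non-HTTPS")
    if not google_access_token:
        raise ValueError("missing Google access token")
    url = "%s/realms/%s/protocol/openid-connect/token" % (
        base_url.rstrip("/"), urllib.parse.quote(realm, safe=""))
    form = {
        "grant_type": GRANT,
        "subject_token": google_access_token,
        "subject_token_type": ACCESS_TOKEN_TYPE,
        "subject_issuer": idp_alias,  # assumed alias of the realm's Google IdP
        "client_id": client_id,
        "client_secret": client_secret,  # confidential client: backend only
    }
    return url, urllib.parse.urlencode(form).encode("ascii")


def parse_token_response(raw):
    """Return the token dict, or raise if Keycloak rejected the exchange."""
    data = json.loads(raw)
    if "error" in data or "access_token" not in data:
        # Report only the OAuth error code, never the submitted token.
        raise PermissionError(data.get("error", "no access_token in response"))
    return data


def exchange(base_url, realm, client_id, client_secret, google_access_token):
    """POST the exchange and return Keycloak's token response."""
    url, body = build_exchange_request(
        base_url, realm, client_id, client_secret, google_access_token)
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_token_response(resp.read())
    except urllib.error.HTTPError as err:  # 4xx carries the OAuth error JSON
        return parse_token_response(err.read())
```

Running the exchange on the backend keeps the client secret out of the Flutter app; the app only forwards the Google token it got from google_sign_in.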