Authenticate to two or more Keycloak confidential clients via openid-connect


I have a Node backend that, using `openid-client`, creates a 'client' that maps to a specific Keycloak client, redirects the user to Keycloak's sign-in page, then collects the authorization code and requests the user tokens. The token set returns the roles for that specific client.

Now the issue is I want this same authenticated user to also be able to sign up for another client in the same realm and get the roles in this second client, but without having to redirect the user in the browser to Keycloak (which I assume would quickly return to the app without again prompting the user for credentials, since the user already has a session in Keycloak).

I don't know if it's an issue with me not knowing the right search terms, but this seems like quite a simple thing, but somehow I'm not finding information on how to authenticate to a second client. Is there an OpenID endpoint to which to send a token, the second client id and the second client key in order to get back an updated token?

Or, even better, can I initially create the authentication request for both clients and not just one? Is that a possibility?

I need to authenticate in both clients to know what my frontend can display or not, since it depends on whether the user has access to both or just one of them.
