We have a requirement where we need to bypass the login page and directly provide access to the user based on a token that has the email of the user.
We are using the email of the user and generating an access token for the user using admin credentials in Keycloak.
Even after getting an access token, we do not understand how to start a session in Keycloak using the access token, refresh token or ID token that we get.
We generated the access token with the help of steps provided in the below link: Keycloak: Generate access token for a user with keycloak-admin
Can anyone suggest how to proceed further on how to initiate a Keycloak session?
I would suggest using the action token SPI. You can see an example in the quickstarts: action-token: Using Action Token to Incorporate External App Call into Authentication Flow.
The way you could use this feature:
The action token should be one time use.
The user would be given the link generated by the REST endpoint from 1. and it should be able to log in without any password.
In my opinion, this is way more secure than passing access tokens to the user.
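The single-use property the answer asks for, as an added conceptual sketch in Python that is not from the thread and does not use Keycloak's action token SPI: a signed, short-lived token bound to one email is accepted exactly once, then rejected on replay, expiry or tampering. The signing key, the in-memory nonce set and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # constructed signing key (assumption)
_used_nonces = set()              # stand-in for a shared single-use store (assumption)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body):
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_login_token(email, ttl=300, now=None):
    """Create a signed token bound to one user, one expiry and one nonce."""
    now = time.time() if now is None else now
    claims = {"sub": email, "exp": int(now) + ttl, "nonce": secrets.token_hex(16)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _sign(body)

def redeem_login_token(token, now=None):
    """Return the user's email on first valid use; raise ValueError otherwise."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        # Verify the signature before parsing anything the caller supplied.
        if not hmac.compare_digest(sig, _sign(body)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError) as exc:
        raise ValueError("invalid token: %s" % exc) from None
    if now >= claims["exp"]:
        raise ValueError("token expired")
    if claims["nonce"] in _used_nonces:
        raise ValueError("token already used")
    _used_nonces.add(claims["nonce"])  # spend the token before a session starts
    return claims["sub"]
```

In a multi-node deployment the spent-nonce check and insert would need to be one atomic operation in a shared store, otherwise two nodes could each accept the same link.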