Is there a method to identify the UserAgent of the “browser” logging in so I can create and alternative authentication flow path/step?
Typically a user would use a web browser to login to an app but in same cases they need to do this via CLI and it’s handled slightly differently. I’d like to make a custom UserAgent for the CLI method and send it down that alternate path.
Maybe use another ‘client’ in Keycloak for the cli path. For each client you can set the specific workflow used.
You can even check for the ‘service account’ option which seems to be made for MachineToMachine access (like removing the refresh tokens from the protocol, as short renewable – via a new login-- access tokens are enough).
The issue is it’s the same client, to make another means setting up two completely separate federations and configs on the app end. The only difference here is the “browser” being used to login in one instance is a normal browser to process the login and the other is a script running at the CLI to process the login.
This is still a user logging into the same app, just one is using a browser and the other is a script via CLI.