Keycloak configured with Azure as IDP and MSAL on Android

I’m currently developing an Android application and I’m trying to introduce MSAL into my current Keycloak / Azure authentication flow. However, my backend is set up to validate Keycloak tokens and I need to maintain this setup.

Here’s the flow I’m trying to achieve:

  • Authenticate users with Keycloak + Azure AD using MSAL.
  • After successful Azure AD authentication, redirect to Keycloak.
  • Keycloak redirects to the app.

I’m looking for guidance on how to implement this flow. Specifically, I’m not sure how to configure Keycloak as IDP from MSAL / Authenticator.

If this is not possible, are there any workarounds or alternative approaches to achieve this?

Sequence diagram of wanted flow:

I have tried to configure MSAL to use Keycloak but couldn’t find any way to do that.

I have also looked into B2C which should support other authentication mechanisms but it seemed to be impossible in MSAL for Android, was present in MSAL js.

The authentication flow with Keycloak and Azure configured as an identity provider is working perfectly, but I just need to add MSAL into the picture to achieve SSO. As Keycloak will redirect to Azure at login, we should be able to reuse the same Azure session if it has already been established by another app/browser on the Android mobile phone.

Any help would be greatly appreciated.

Short answer: In your case, you want to implement OIDC in a native app. Therefore, you MUST use an OIDC library that supports this and follows best practices. I recommend using AppAuth [1], which opens a browser or Custom Tabs (not a WebView, as it is not recommended for security reasons [2]). Then, you can implement the Authorization Code + PKCE flow, as it is the recommended flow for public clients [3]. Lastly, your API will act as an OAuth Resource Server following the OAuth 2.0 standard [4], meaning that it will receive the access token in the Authorization header with the format Bearer {access-token-value}.

[1] GitHub - openid/AppAuth-Android: Android client SDK for communicating with OAuth 2.0 and OpenID Connect providers.
[2] RFC 8252 - OAuth 2.0 for Native Apps
[3] RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients
[4] RFC 6749 - The OAuth 2.0 Authorization Framework
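The flow the answer describes, as an added example (not code from the answer or from the AppAuth project): discover Keycloak's endpoints, open Custom Tabs with an Authorization Code + PKCE request, and exchange the returned code for the Keycloak tokens the backend validates. The realm URL, client id, redirect URI and the Azure IdP alias passed via `kc_idp_hint` are assumed values.

```java
import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import java.util.Collections;
import net.openid.appauth.AuthorizationException;
import net.openid.appauth.AuthorizationRequest;
import net.openid.appauth.AuthorizationResponse;
import net.openid.appauth.AuthorizationService;
import net.openid.appauth.AuthorizationServiceConfiguration;
import net.openid.appauth.ResponseTypeValues;

public class KeycloakLogin {
    // Assumed values: replace with your realm URL, Keycloak public client id, registered redirect URI
    // and the alias of the Azure AD identity provider configured in Keycloak.
    static final Uri ISSUER = Uri.parse("https://keycloak.example.com/realms/myrealm");
    static final String CLIENT_ID = "android-app";
    static final Uri REDIRECT_URI = Uri.parse("com.example.app:/oauth2redirect");
    static final String AZURE_IDP_ALIAS = "azure";
    static final int RC_AUTH = 100;

    private final Activity activity;
    private final AuthorizationService authService;

    KeycloakLogin(Activity activity) {
        this.activity = activity;
        this.authService = new AuthorizationService(activity); // uses Custom Tabs, never a WebView
    }

    // Step 1: fetch Keycloak's OIDC discovery document, then launch the authorization request.
    void startLogin() {
        AuthorizationServiceConfiguration.fetchFromIssuer(ISSUER, (config, ex) -> {
            if (config == null) { return; } // discovery failed; inspect ex
            AuthorizationRequest request = new AuthorizationRequest.Builder(
                    config, CLIENT_ID, ResponseTypeValues.CODE, REDIRECT_URI)
                    .setScope("openid profile email")
                    // kc_idp_hint sends Keycloak straight to the Azure IdP, so an Azure session
                    // already present in the device browser is reused (SSO across apps).
                    .setAdditionalParameters(Collections.singletonMap("kc_idp_hint", AZURE_IDP_ALIAS))
                    .build(); // AppAuth generates the PKCE code_verifier/challenge and state itself
            activity.startActivityForResult(authService.getAuthorizationRequestIntent(request), RC_AUTH);
        });
    }

    // Step 2: Keycloak redirected back to the app; exchange the code (plus PKCE verifier) for tokens.
    void onAuthResult(Intent data) {
        AuthorizationResponse resp = AuthorizationResponse.fromIntent(data);
        AuthorizationException ex = AuthorizationException.fromIntent(data);
        if (resp == null) { return; } // cancelled or failed; inspect ex
        authService.performTokenRequest(resp.createTokenExchangeRequest(), (tokenResp, tokenEx) -> {
            if (tokenResp == null) { return; }
            // tokenResp.accessToken is the Keycloak-issued token; send it to the backend as
            // "Authorization: Bearer " + tokenResp.accessToken on every API call (off the main thread).
        });
    }
}
```

Call `onAuthResult(data)` from the activity's `onActivityResult` when `requestCode == RC_AUTH`; the backend keeps validating Keycloak tokens exactly as it does today.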
