Logging in users via REST API (username + password + OTP)

Hello,

Is it possible to log in a user, e.g. via a console application or a PowerShell script, with the username, password and OTP? I already get the OTP from my application, which has the secret stored.

I have already tried to do it via the HTTP requests, but unfortunately there are too many cookie sets, etc… Could someone possibly make it transparent how exactly this works in the background?

My problem in general is that I have several services, one service account alone would not solve this problem, as different services are allowed to access different things.

From a security point of view, it would make sense to store username + password and OTP key_secret and use them for authentication, then the services would be in the Services group and the users in the Users group.

Is there a better alternative, or are there already libraries or REST call collections that show how to log in to Keycloak using only REST calls?

Thank you

If it’s only a few services, you might reconsider the Service Account and create multiple Clients, one per service. Each Client would have a unique Service Account.

It sounds like your services need to call each other and they’d be able to do this by maintaining each other’s client_id and client_secret.
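The one-client-per-service suggestion above, as an added example that is not part of the original thread: each service uses its own client_id and client_secret to request a token for its Service Account with the OAuth 2.0 client credentials grant, and caches that token until shortly before it expires. The base URL, realm and client names are constructed placeholders; the path is Keycloak's standard token endpoint (older releases prefix it with `/auth`).

```python
import json
import time
import urllib.parse
import urllib.request


def build_token_request(base_url, realm, client_id, client_secret):
    """Build the client-credentials POST for one service's own client."""
    url = (f"{base_url.rstrip('/')}/realms/{urllib.parse.quote(realm)}"
           "/protocol/openid-connect/token")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,          # unique per service
        "client_secret": client_secret,  # load from a secret store, never hard-code
    }).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


class ServiceToken:
    """Caches the access token and re-requests it shortly before expiry."""

    def __init__(self, request, opener=urllib.request.urlopen,
                 skew=30, clock=time.monotonic):
        self._request, self._opener = request, opener
        self._skew, self._clock = skew, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            # urlopen raises HTTPError on 4xx/5xx (e.g. wrong client_secret)
            with self._opener(self._request) as resp:
                payload = json.load(resp)
            if "access_token" not in payload:
                raise RuntimeError(f"token endpoint error: {payload.get('error')}")
            self._token = payload["access_token"]
            self._expires_at = self._clock() + int(payload.get("expires_in", 0))
        return self._token


if __name__ == "__main__":
    # Constructed placeholder values; replace with your own deployment's.
    req = build_token_request("https://keycloak.example.test", "demo",
                              "sync-service-0001", "placeholder-secret")
    print(req.full_url)
```

The returned token is sent as `Authorization: Bearer <token>` on calls to the protected servers, and what each service may access is decided by the roles granted to that client's Service Account.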

Thanks for your reply

No, I’m talking about well over 1000 services, and no, they don’t have to talk to each other; they have to communicate with our servers, so they behave like normal users. They are there for the sync, for example.