Description
Currently the options to authenticate the client with Keycloak are limited to either the password grant or the client_credentials grant. I would like to see the device_code grant added, to be able to use it in command-line tools that use accounts that have MFA protection, similar to the way Azure command-line tooling works. Keycloak supports the device_code login flow.
Discussion
No response
Motivation
Right now I have to use the password grant to be able to audit which users apply which changes using the admin client. But the password grant does not support MFA authentication, which means I have to have admin accounts with limited protection. The other option is client_credentials, but then all actions are from the same service account user and auditing becomes impossible. Allowing for the device_code grant will remedy this.
Details
As far as I can see it is fairly simple to implement; most if not all changes are inside the token manager.