
OAuth2

OAuth2 is an authorization protocol that supports a range of ways for an actor to identify itself.

OAuth2 uses grant types to determine the mechanism by which a user is authenticated. Broadly speaking, "real person" identities authenticate with their username and password or SSO credentials using the authorization_code grant type, while service accounts authenticate with a client id and secret using the client_credentials grant type.

When an OAuth2 authentication flow succeeds, Keycloak issues an access token that can be used to check the caller's identity with the issuing server. These tokens exist only at runtime and are passed in via either an Authorization header or the cp_token cookie.
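The two grant types and the two token-carrying positions described above, as an added example that is not the project's own code: it builds the token requests a service account and a user-facing client send to Keycloak, builds the introspection request used to check a token with the issuing server, and pulls a presented token out of an incoming request (Authorization header first, cp_token cookie second). The issuer URL, realm, client ids and secrets are placeholders; the endpoint paths are Keycloak's standard ones.

```python
from typing import Dict, Optional
from urllib.parse import urlencode

# Placeholder issuer: a real deployment substitutes its Keycloak base URL and realm.
ISSUER = "https://keycloak.example/realms/example-realm"
TOKEN_ENDPOINT = f"{ISSUER}/protocol/openid-connect/token"
INTROSPECT_ENDPOINT = f"{ISSUER}/protocol/openid-connect/token/introspect"


def client_credentials_request(client_id: str, client_secret: str) -> Dict[str, str]:
    """Token request a service account sends: it proves itself with id + secret."""
    body = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    return {"url": TOKEN_ENDPOINT, "body": urlencode(body)}


def authorization_code_request(client_id: str, code: str, redirect_uri: str,
                               code_verifier: str) -> Dict[str, str]:
    """Token request a user-facing client sends after the person logged in at
    Keycloak and was redirected back with a one-time code (PKCE verifier included)."""
    body = {"grant_type": "authorization_code", "client_id": client_id,
            "code": code, "redirect_uri": redirect_uri, "code_verifier": code_verifier}
    return {"url": TOKEN_ENDPOINT, "body": urlencode(body)}


def introspection_request(token: str, client_id: str, client_secret: str) -> Dict[str, object]:
    """Request that checks a presented token with the issuing server (RFC 7662);
    the reply's "active" field decides whether the token identifies anyone."""
    return {"url": INTROSPECT_ENDPOINT, "auth": (client_id, client_secret),
            "body": urlencode({"token": token})}


def extract_access_token(headers: Dict[str, str], cookies: Dict[str, str]) -> Optional[str]:
    """Pull the token off an incoming request: the Authorization header wins when
    present (and must be a non-empty Bearer value); otherwise the cp_token cookie."""
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if auth is not None:
        scheme, _, value = auth.strip().partition(" ")
        value = value.strip()
        # A present but non-Bearer or empty header is rejected, not silently ignored.
        return value if scheme.lower() == "bearer" and value else None
    cookie = cookies.get("cp_token", "").strip()
    return cookie or None
```

The request dicts are meant to be posted as form bodies to the `url` they carry; the introspection call additionally authenticates the calling service with HTTP basic auth using `auth`.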

Why OAuth2?

OAuth2 is a well-supported protocol with many off-the-shelf identity providers. By using OAuth2, we can authenticate any user, whatever their identity provider, with the same protocol across all services.

OAuth2 Authentication Flow

[Diagram: Identity Flow]

Further Reading