Avoid keycloak default login page and use project login page
Expanding on the API roles
POST to your/keycloak/url/auth/realms/master/protocol/openid-connect/token
with data:
{ client_id : 'Id_of_your_client', username : 'your_username', password : '@#$%^&', grant_type : "password"}
will give you the initial access token and refresh token
and
POST to the same URL with
data:
{ client_id : 'Id_of_your_client', // client_secret : 'optional depending on the type of client', grant_type : "refresh_token" , refresh_token : refresh_token_you_got_earlier }
will give the new refresh and access tokens .These tokens are what keycloak checks for authorization/authentication.
You could make your own login and send the credentials to keycloak via a REST API and once you have the access token , just put it in the header of any ongoing request to a keycloak protected resource as
headers :{ Authorization : 'Bearer ' + access_token_you_got}
3 steps:
- In the keycloak/themes/ directory create folder with name eg. myTheme.
In the myTheme folder place your custom login page
(the structure must be same as base or keycloak themes, my advice is to copy the base theme, rename it and customize it).
Go to the admin console of keycloak into Realm Settings > Themes > Login Theme and select myTheme.
- You probably should stick with the Keycloack's forms. They bring nice features (SSO, pw reset, etc.) and are fully customizable (via themes). However, there it is possible to obtain the Access Token via so called Direct Access Grant. It can be done via Keycloak REST API.
- Storing the custom user info (gender, job, etc.) is done by User Attributes
Both topics are more or less covered in the official Keycloak Docs.