Our development team was tasked with implementing a complex OAuth 2.0 Single Sign-On flow across multiple services and components. Aside from internal users, the authentication flow also needed to allow external parties to use a limited set of APIs and system endpoints.
Keycloak service
The team has created a new Keycloak instance and altered existing modules to redirect authentication and authorisation requests to the new infrastructure. A number of endpoints were created for external parties, with an authentication token system put in place.