OAuth2 Authentication using Keycloak
Before getting started, it is necessary to have an authentication server that supports the OAuth2 protocol (for example, Keycloak) and to be able to connect to that authentication server. After reading a new user, the system will assign permissions based on the parameters described below.

Procedure

1. Access the main navigation menu > Parametrization > Authentication > OAuth2 option.

2. The Authentication Method screen is shown, with the "Filters" options and the "Authentication Methods" table.

3. As of version 9.1.2.24 there have been a few interface changes, described below.

4. The search screen is shown, where 4 options exist for the filters:

   Option        Description
   Type          The type of authentication. There are 2 types: external and internal. If external is chosen, the system can accept 3 types of authentication: internal, OAuth2, or both. If the option is set as both, the system will show the login screen with authentication fields, password recovery, and login using Google, Facebook, or Run2biz Keycloak. If the option is set as both but no external providers are informed, the system will not show any external options. If the option is OAuth2 and no provider is informed, the screen with several options will not be shown, only the "Run2biz login screen".
   Provider      Here you can inform whether the provider is Google, Facebook, or Others.
   Domain        Inform the authentication domain.
   Client name   Inform the name of the client for authentication.

5. After filling in the information in "Filters", if there is an authentication method matching the chosen filters, it will be shown in the "Authentication Method" table below.

6. If there is no authentication method, you can create a new one by clicking on "New".

7. When you click on "New", you will be redirected to the creation screen, which has 2 tabs to be filled in: "Identification" and "Field mapping".

8. Fill in the "Identification" tab:

   Field                 Description
   Authentication type   There are two options: "OAuth2 internal" and "OAuth2".
   Provider              Here you should inform whether the provider is "Google", "Facebook" or "Others". If it is Google or Facebook, it is only necessary to inform the client ID and secret key. If it is Others, it is also necessary to inform the name of the client and the domain, which must be the same as the one informed in the provider URL fields.
   Client ID             Here you should inform the client ID used on the OAuth2 server.
   Type of concession    Identification of the access granted by the authentication provider (the grant type). This usually contains the value "password".
   Authentication URL    Here you should inform the path to the authentication server.
   Client secret         Here you should inform the client secret exactly as it is on the OAuth2 server.
   Situation             Here you can choose whether the authentication is active or inactive. This situation determines whether the system will start the user synchronization process.
   Save button           Saves the authentication method.
   Delete button         Deletes the authentication method from the database.
   Clean button          Erases all the fields.
   Search button         Shown at the top of the screen; returns you to the search screen.

9. On the "Field mapping" tab, there are more fields to fill in:

   Field           Description
   Save button     Saves the fields.
   Erase button    Erases all the fields.
   Search button   Shown at the top of the screen; returns you to the search screen.

   This tab allows the mapping of information contained in the OAuth2 tokens. The screen has two columns: one with the names of the existing fields in the user registration and another with their respective names in the OAuth2 tokens. The information that can be mapped is: ID number, telephone, and birth date.

10. The return URL to CITSmart must be configured through the chosen external authentication platform.
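As an added illustration (not code from the CITSmart documentation or product), the Python sketch below shows what the "Identification" tab fields become on the wire for an "Others" provider using the "password" grant against a Keycloak token endpoint, and how the "Field mapping" tab's column pairs turn token claims into user registration fields. The host name, client values, claim names and the token itself are constructed placeholders, not values from the page.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed "Others" provider entry mirroring the Identification tab fields
# (hostname and secret are placeholders, not values from the page).
AUTH_METHOD = {
    "authentication_type": "oauth2",
    "provider": "others",
    "client_name": "citsmart",
    "domain": "https://keycloak.example.test/realms/citsmart",
    "client_id": "citsmart-web",
    "client_secret": "REPLACE-WITH-CLIENT-SECRET",
    "grant_type": "password",
    "authentication_url": "https://keycloak.example.test/realms/citsmart/protocol/openid-connect/token",
}

# Field mapping tab: user registration field -> claim name carried in the token.
# The claim names on the right are assumed; use whatever the provider actually emits.
FIELD_MAPPING = {"id_number": "document", "telephone": "phone_number", "birth_date": "birthdate"}


def token_request_body(method, username, password):
    """Form body of the password grant sent to the configured authentication URL."""
    return urlencode({"grant_type": method["grant_type"],
                      "client_id": method["client_id"],
                      "client_secret": method["client_secret"],
                      "username": username, "password": password})


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_jwt(payload):
    """Build a constructed, unsigned JWT for offline testing (signature segment is a dummy)."""
    return ".".join([_b64url(b'{"alg":"RS256","typ":"JWT"}'),
                     _b64url(json.dumps(payload).encode()), "dummy-signature"])


def map_token_to_user(method, jwt, mapping):
    """Decode the token payload, require that 'iss' equals the configured domain,
    then copy mapped claims into user registration fields.
    The signature is not verified here; a real integration must verify it against
    the provider's published keys before any claim is trusted."""
    segment = jwt.split(".")[1]
    payload = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if payload.get("iss") != method["domain"]:
        raise ValueError("token issuer does not match the configured domain")
    return {field: payload[claim] for field, claim in mapping.items() if claim in payload}
```

The issuer check is what makes the "Domain" field matter: a token from any other realm or server is rejected before any of its claims reach the user record.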