I am currently looking into the options to authorise a FM app - runtime solution in my case - using Keycloak SSO. Basically, the idea is to use the same credentials for login to both the FM runtime and the Keycloak authorisation server. This way the runtime could be "disabled" remotely. Communication with the Keycloak server would be handled using the cURL library (available in the MBS plugin).
Before digging any further into this subject I was curious whether there is any experience with this kind of approach from other developers who would share their findings. Any comments, hints, etc. would be very much appreciated.
Many thanks in advance!