We are successfully running Rocket.Chat with Keycloak and OpenID Connect in a production environment.
Our client settings in Keycloak:
Consent-required: off
Access-type: confidential
Standard-flow enabled: on
Implicit-flow enabled: on
Valid Redirect URIs: http://localhost/_oauth/myidentityprovidername , http://mychatserver.org/_oauth/myidentityprovidername
OAuth settings in Rocket.Chat:
URL: https://myidentityprovider.org/auth
Token path: /realms/myrealm/protocol/openid-connect/token
Identity path: /realms/myrealm/protocol/openid-connect/userinfo
Auth path: /realms/myrealm/protocol/openid-connect/auth
Area: openid
Token sent via: head line
ID: as provided by Keycloak
Secret: as provided by Keycloak
Field Username: preferred_username
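
Added example, not part of the original post: a check that the Rocket.Chat URL and paths listed above resolve to the endpoints the Keycloak realm advertises in its OpenID Connect discovery document, and that lists redirect URIs using plain http on a non-loopback host. The discovery document is a constructed sample, and the dictionary keys and function names are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Rocket.Chat custom OAuth values as listed in the post above.
ROCKETCHAT = {
    "url": "https://myidentityprovider.org/auth",
    "token_path": "/realms/myrealm/protocol/openid-connect/token",
    "identity_path": "/realms/myrealm/protocol/openid-connect/userinfo",
    "authorize_path": "/realms/myrealm/protocol/openid-connect/auth",
    "username_field": "preferred_username",
}
REDIRECT_URIS = [
    "http://localhost/_oauth/myidentityprovidername",
    "http://mychatserver.org/_oauth/myidentityprovidername",
]
# Constructed sample of the realm's discovery document
# (<URL>/realms/myrealm/.well-known/openid-configuration), trimmed.
_BASE = "https://myidentityprovider.org/auth/realms/myrealm"
DISCOVERY = json.loads(json.dumps({
    "issuer": _BASE,
    "authorization_endpoint": _BASE + "/protocol/openid-connect/auth",
    "token_endpoint": _BASE + "/protocol/openid-connect/token",
    "userinfo_endpoint": _BASE + "/protocol/openid-connect/userinfo",
    "claims_supported": ["sub", "preferred_username", "email"],
}))
# Rocket.Chat setting -> discovery document key.
PAIRS = {
    "token_path": "token_endpoint",
    "identity_path": "userinfo_endpoint",
    "authorize_path": "authorization_endpoint",
}

def check_endpoints(rc, disc):
    """Return a list of mismatches between Rocket.Chat settings and discovery."""
    problems = []
    base = rc["url"].rstrip("/")
    for setting, disc_key in PAIRS.items():
        built = base + rc[setting]
        if built != disc.get(disc_key):
            problems.append(f"{setting}: {built} != {disc.get(disc_key)}")
    if rc["username_field"] not in disc.get("claims_supported", []):
        problems.append(f"username_field: {rc['username_field']} not advertised")
    return problems

def plain_http_redirects(uris):
    """Return redirect URIs that use http on a host other than loopback."""
    loopback = {"localhost", "127.0.0.1", "::1"}
    return [u for u in uris
            if urlsplit(u).scheme != "https" and urlsplit(u).hostname not in loopback]

if __name__ == "__main__":
    print(check_endpoints(ROCKETCHAT, DISCOVERY), plain_http_redirects(REDIRECT_URIS))
```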