Since Jakarta EE 10 it is easily possible to protect your web application with OpenID Connect, using the new @OpenIdAuthenticationMechanismDefinition annotation.
This works perfect and is quite easy to use. As a user you will be redirected to your Authentication Authority Server, Login, and redirected back into your app. A good tutorial can be found in Andrew Hughes Blogpost.
Now I wonder: When I have secured my web app with OIDC, how can a backend task or microservice connect to the app without the redirection via the web browser? Is there a way to make a programmatic login? At least to receive a valid Bearer/JWT/JSESSIONID token?
