Externalise authentication backend using Keycloak

I am using the koa version of OpenedX. I’m trying to integrate Keycloak as the Identity Provider with OpenedX. So my expectation is to let my users redirect to Keycloak once they click on Sign in or Register where the users can authenticate themselves and get a token. That token shall be used to authenticate all the protected APIs of openedX. This workflow is expected for both LMS and CMS.

I tried doing the same with OAuth2 or SAML but at the end the tokenID / sessionID is generated only by openedX.

So basically I’m trying to override the authentication backend of OpenedX and externalise it. Please let me know if this is doable and kindly suggest me with links on how-to configure this.

Please let me know if you need any further information on this.

For references,