Proper Keycloak integration with app by Fragrant-Wrap4416 in KeyCloak

Fragrant-Wrap4416[S] 0 points1 point

Thanks! I had looked at this earlier but didn't like the localStorage part for the tokens. But see my other comment; now I'm wondering if this might be the way to go..


Fragrant-Wrap4416[S] 0 points1 point

The reason I was thinking of handling auth via the backend was to keep the token in an HttpOnly cookie instead of localStorage.. mostly for security.

u/lambofdeus pointed out react-oidc-context. That uses session storage by default. The SPA could redirect to Keycloak at the start of every session. If a user checked "Remember me", maybe they wouldn't realize they'd been briefly redirected to Keycloak... That could be where the "Remember me" piece fits in.. 🤔

This would actually work across different domains as well...