Keycloak Angular Integration

[terrybjr]

For which library do you have a feature request?

native-federation

Information

I'm not aware of a way to add the SSO bearer tokens to the remoteEntry requests. My current design is a shell with n remotes. Each remote is a secure deployment on our JBOSS server. During the request to retrieve the remoteEntry.JSON files I get Cors errors despite high confidences in my origins configurations.

It's like the requests to retrieve the remotes is sent our prior to the KeycloakAngular bootstrap. This essentially makes Native Federation useless for secure applications. Keycloak Angular injects the required SSO tokens into further requests.

Describe any alternatives/workarounds you're currently using

There is no workaround. For me this is a pretty large blocking issue.

I would be willing to submit a PR to fix this issue

• Yes
• No

[manfredsteyer]

The best solution would be to tunnel all requests through a gateway/ BFF as shown in this article series:
https://www.angulararchitects.io/blog/part-1-the-problem-with-security-tokens-in-the-browser/

If you really want to manage the tokens in the browser (which was usual for some time but isn't recommended anymore by the OAuth2 working group), you can use the KeyCloak lib in your shell and then share the received token via a shared service.