Secure Your Angular App with Keycloak and the BFF Pattern
This article demonstrates building a secure web application using the Backend for Frontend (BFF) pattern, integrating Keycloak and Angular. To avoid storing sensitive data in the browser, authentication flows with Keycloak are entirely handled by a dedicated BFF server. The BFF acts as a secure intermediary between Keycloak and the Angular app, managing OAuth2 and PKCE flows, securely storing tokens, and preventing sensitive operations (like token refresh) from reaching the browser. The Angular app interacts only with simplified endpoints provided by the BFF, eliminating direct communication with Keycloak. The article details Keycloak configuration, BFF server setup (using Express.js), and Angular app development, highlighting the security benefits of this architecture.