Angular SPA and SSO with Keycloak with client's own login page

We are starting to implement SSO with our new Angular application with Keycloak.
What is the best way to implement using only the standard OAUTH/OIDC REST endpoints ? Is it a good idea to have a backend service process all the Keycloak requests rather than redirect ?

I am not a security expert, our goal is to implement SSO without having to use Keycloak’s login pages and features , at the same time leave no security gaps.

Thank you!


Follow this thread Custom web server for UI pages

TL;DR: Keycloak does not incentivize such practices due to security concerns. Use built-in customizations for the pages.