Best way to integrate many projects with KC

Hi! I have already created and configured a realm, and created and configured one client per project, but my problems are:

I have two projects:

  1. If I change project (e.g. from project #1 to project #2) I am not logged in automatically; I need to click on the “Login” button to redirect to Keycloak and then back to the site (without authenticating again). I found that I can log in automatically using an iframe which will do a silent auth; is this the correct way? The frontend is rendered in the backend; it is not fully separated (it is a Django project).

  2. Project #1 uses project #2 via REST API too, and when the webpage does an API call via AJAX, project #2 tries to redirect the AJAX request to the Keycloak authentication page. Is there any way to automatically detect whether the user is logged in on project #1 and then log in to project #2 on the API without any redirect?

Thanks!

You should first check whether the user is already logged in on the server (sso-check) and then, if not, show the login button.

You can use the token-exchange feature to get a token for #2 from #1.
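
As an added example (not code from the thread or from Keycloak itself), here is what the token-exchange call looks like from the backend of project #1: the token issued for client #1 is traded at the realm's token endpoint, using the RFC 8693 grant type, for a token whose audience is client #2. The exchange needs client #1's secret, so it belongs on the server (Node.js is used here as a stand-in for the Django backend), never in the browser. The realm `demo`, the clients `project-1`/`project-2`, the Keycloak URL and the stubbed response are all constructed assumptions.

```javascript
// Token-exchange grant as defined by RFC 8693 and supported by Keycloak's
// token endpoint (feature must be enabled and permitted for the client).
const TOKEN_EXCHANGE_GRANT = 'urn:ietf:params:oauth:grant-type:token-exchange';
const ACCESS_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:access_token';

// Build the form body the token endpoint expects for an exchange.
function buildExchangeBody({ clientId, clientSecret, subjectToken, audience }) {
  const params = new URLSearchParams({
    grant_type: TOKEN_EXCHANGE_GRANT,
    client_id: clientId,            // the client the subject token was issued to
    client_secret: clientSecret,    // confidential client: keep this server-side
    subject_token: subjectToken,    // the access token the user already holds
    subject_token_type: ACCESS_TOKEN_TYPE,
    requested_token_type: ACCESS_TOKEN_TYPE,
    audience,                       // the client the new token should be for
  });
  return params.toString();
}

// Token endpoint of a realm, e.g. .../realms/demo/protocol/openid-connect/token
function tokenEndpoint(baseUrl, realm) {
  const base = baseUrl.replace(/\/$/, '');
  return `${base}/realms/${encodeURIComponent(realm)}/protocol/openid-connect/token`;
}

// Perform the exchange. fetchImpl is injectable so the logic can be exercised
// without a running Keycloak; in production leave the default (global fetch).
async function exchangeToken(opts, fetchImpl = globalThis.fetch) {
  const res = await fetchImpl(tokenEndpoint(opts.baseUrl, opts.realm), {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: buildExchangeBody(opts),
  });
  if (!res.ok) {
    throw new Error(`token exchange failed: HTTP ${res.status}`);
  }
  const json = await res.json();
  if (typeof json.access_token !== 'string') {
    throw new Error('token exchange response has no access_token');
  }
  return json; // access_token, expires_in, token_type, ... as returned by Keycloak
}

// Constructed stand-in for Keycloak's response, so the file runs offline.
async function stubKeycloakFetch(url, init) {
  const fields = new URLSearchParams(init.body);
  if (fields.get('grant_type') !== TOKEN_EXCHANGE_GRANT) {
    return { ok: false, status: 400, json: async () => ({ error: 'unsupported_grant_type' }) };
  }
  return {
    ok: true,
    status: 200,
    json: async () => ({ access_token: `exchanged-for-${fields.get('audience')}`, expires_in: 300, token_type: 'Bearer' }),
  };
}

// Demo run against the stub (constructed values, not a real deployment).
exchangeToken({
  baseUrl: 'http://keycloak.local:8080',
  realm: 'demo',
  clientId: 'project-1',
  clientSecret: 'CLIENT-SECRET-PLACEHOLDER',
  subjectToken: 'SUBJECT-TOKEN-PLACEHOLDER',
  audience: 'project-2',
}, stubKeycloakFetch).then((t) => console.log('exchanged token:', t.access_token));
```

The resulting token is what project #1 should send as `Authorization: Bearer ...` to project #2's API, so the API can validate the audience instead of redirecting the AJAX call to the login page. Keycloak only honours the exchange when the feature is enabled and client #1 is permitted to exchange for client #2; keep that permission as narrow as possible.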

Thanks!

I’ve just found that the package I am using (Django REST framework) has an integration with Mozilla OIDC; I can perform API requests using an access token, but I need to save the access token client-side because the requests are performed from a statically generated page. I’m saving it right now in a cookie, but I don’t know whether there is a better way to save the access token.

Of course I’ve configured the cookie to be on the same domain, Secure and SameSite=Strict, but I can’t use HttpOnly because I need to access the value via JavaScript, and the API server has CORS configured.
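
As an added example (not the poster's code and not part of the keycloak-js project), this shows the browser side of the silent SSO check from the first question together with an alternative to the readable cookie: the keycloak-js adapter is initialised with `check-sso` and a silent-check page in a hidden iframe, the access token stays in the adapter's memory, and each API call gets it as a bearer header after an `updateToken` refresh. The Keycloak URL, realm `demo`, client `project-1` and API URL are assumptions; the browser-only functions need the keycloak-js script (`Keycloak` global) loaded on the page, while the helpers they use run anywhere.

```javascript
// Refresh the token when fewer than this many seconds of validity remain.
const MIN_VALIDITY_SECONDS = 30;

// Decide whether a token expiring at `expSeconds` (epoch seconds) is about to expire.
function needsRefresh(expSeconds, nowSeconds, minValidity = MIN_VALIDITY_SECONDS) {
  return expSeconds - nowSeconds < minValidity;
}

// Authorization header for an API call; the token is never written to a cookie
// or to localStorage, so a script injected into the page cannot read it later.
function bearerHeaders(token) {
  if (!token) throw new Error('no access token; user is not authenticated');
  return { Authorization: `Bearer ${token}` };
}

// Contents of silent-check-sso.html, served from the app's own origin. The adapter
// loads it in a hidden iframe and it hands the resulting URL back to the parent.
const SILENT_CHECK_SSO_PAGE =
  '<html><body><script>parent.postMessage(location.href, location.origin);</script></body></html>';

// Browser-only: initialise the adapter with a silent SSO check. No redirect and no
// login prompt; resolves to true when the Keycloak session is already active.
async function initKeycloak() {
  const keycloak = new Keycloak({
    url: 'http://keycloak.local:8080',   // assumed Keycloak base URL
    realm: 'demo',                        // assumed realm
    clientId: 'project-1',                // assumed public client for this site
  });
  const authenticated = await keycloak.init({
    onLoad: 'check-sso',
    silentCheckSsoRedirectUri: `${window.location.origin}/silent-check-sso.html`,
    pkceMethod: 'S256',                   // public client: use PKCE, not a secret
  });
  return { keycloak, authenticated };     // show the Login button only when false
}

// Browser-only: fetch wrapper that refreshes the token if it is close to expiry and
// sends it as a bearer header, so the API validates the token instead of redirecting.
// fetchImpl is injectable for offline testing; leave the default in the page.
async function apiFetch(keycloak, url, init = {}, fetchImpl = globalThis.fetch) {
  await keycloak.updateToken(MIN_VALIDITY_SECONDS); // refreshes only when needed
  const headers = { ...(init.headers || {}), ...bearerHeaders(keycloak.token) };
  // credentials: 'omit' -- the bearer header carries auth, no cookies cross the CORS boundary
  return fetchImpl(url, { ...init, headers, credentials: 'omit' });
}

// Example page wiring (runs only in a browser with keycloak-js loaded).
async function main() {
  const { keycloak, authenticated } = await initKeycloak();
  if (!authenticated) {
    document.getElementById('login').onclick = () => keycloak.login();
    return;
  }
  const res = await apiFetch(keycloak, 'https://api.example.test/items'); // assumed API
  console.log('API status', res.status);
}

if (typeof window !== 'undefined' && typeof Keycloak !== 'undefined') {
  main();
}
```

This keeps the token out of any persisted store the page can read back, which is the weakness of the non-HttpOnly cookie. If the Django side can hold the session instead, the other option is to keep the token on the server and let Django make the API call on the page's behalf, so no access token reaches the browser at all.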

I believe people use the browser storage API for that these days; not sure how secure that is.