I’m trying to integrate Keycloak on a frontend app using Node as the backend. Every example I’ve seen mentioned having keycloak server locally and use some JSON client config file to login from the frontend. Well our keycloak server is hosted somewhere else and not locally. Isn’t insecure to use Keycloak OIDC JSON directly from the keycloak server in the frontend?
Using the .well-known/openid-configuration for endpoints and logging in the user on Node works fine but how do I get the logged in user on the frontend? Node is running on port :9000 and React on :80.
Any help would be greatly appreciated.