fusionauth-localization VS angular-spa-sample

Can't speak for Keycloak, but FusionAuth supports localization of both user facing HTML and email/SMS messages. (Not the admin screens, alas.)

More details here: https://fusionauth.io/docs/v1/tech/core-concepts/localizatio...

15 languages have user facing translations: https://github.com/FusionAuth/fusionauth-localization/

Disclosure: I work for FusionAuth.

There is a document meant for best practices for browser-based apps such as SPA/PWA, which includes use of code flow.

https://datatracker.ietf.org/doc/html/draft-ietf-oauth-brows...

(disclaimer - co-author)

The catch is that since the client web origin and AS web origin are often different sites, the AS has to actually implement CORS on their token endpoint.

Some implementations unfortunately (perhaps due to a misunderstanding about what CORS is meant to accomplish) make this a per-tenant/per-installation allowlist of origins on the AS.

Auth0 and Ping Identity (my employer) document CORS settings for products. I'm not sure about AWS and you might need to add CORS via API gateway. Azure AD supports CORS for the token endpoint, but they may limit domains in some manner (such as redirect uri of registered clients).

FWIW, I created a demo ages ago (at https://github.com/pingidentity/angular-spa-sample), which by default is configured to target Google for OpenID Connect and uses localhost for local development/testing. It hasn't aged particularly well in terms of library choices, but I do keep it running.

A deployment based on older Angular is also at https://angular-appauth.herokuapp.com to try - IIRC I used a node server just to deal with wildcard path resolution of the index file, but there's otherwise no local logic.

oh well you alrady have a provider then! here is the boilerplate to integrate with ping https://github.com/pingidentity/angular-spa-sample