nestjs-api-boilerplate VS angular-spa-sample

ok so a couple of solutions. Azure(Requires Azure AD), Firebase(good cloud), AWS all have authentication solutions which are pretty simple to implement. Alternatively you can try using Okta/Auth0 which is a super simple solution. Then there are on-prem solutions like your own Identity Server 4 server. Then there are some good node solutions like https://docs.nestjs.com/security/authentication sounds like this is a solid place to start for you https://github.com/MidoAhmed/nestjs-api-boilerplate

There is a document meant for best practices for browser-based apps such as SPA/PWA, which includes use of code flow.

https://datatracker.ietf.org/doc/html/draft-ietf-oauth-brows...

(disclaimer - co-author)

The catch is that since the client web origin and AS web origin are often different sites, the AS has to actually implement CORS on their token endpoint.

Some implementations unfortunately (perhaps due to a misunderstanding about what CORS is meant to accomplish) make this a per-tenant/per-installation allowlist of origins on the AS.

Auth0 and Ping Identity (my employer) document CORS settings for products. I'm not sure about AWS and you might need to add CORS via API gateway. Azure AD supports CORS for the token endpoint, but they may limit domains in some manner (such as redirect uri of registered clients).

FWIW, I created a demo ages ago (at https://github.com/pingidentity/angular-spa-sample), which by default is configured to target Google for OpenID Connect and uses localhost for local development/testing. It hasn't aged particularly well in terms of library choices, but I do keep it running.

A deployment based on older Angular is also at https://angular-appauth.herokuapp.com to try - IIRC I used a node server just to deal with wildcard path resolution of the index file, but there's otherwise no local logic.

oh well you alrady have a provider then! here is the boilerplate to integrate with ping https://github.com/pingidentity/angular-spa-sample