So I have this Angular project, working in production for some time that connects to a keycloak confidential server.
Now I updated the libs, only to find keycloak-js doesn't allow sending the secret to the server anymore and got a 401 error "client now allowed".
Reading the docs I saw that sending the secret from the client was removed in version 8 because "SPAs shouldn't keep the secret in them" and I go like: now what ? will I have to stay with a deprecated library forever ? Do I have to rewrite the whole system that took me 2 years developing in other language/structure ?
I'm pretty confident my company won't turn the keycloak client to public mode in the server due to insecurity. And anyway what's the point of having an authentication if the server isn't secure.
So my question is: how do I access a confidential keycloak server from an Angular 13 project that has a Node backend ? What is the correct way ?