What is Okta's approach to Microfrontend applications?

Hello guys!

Could someone please help me understand what the correct approach is for microfrontend applications?
Let's assume that we have an SPA shell application which is a container for microfrontends. The shell app is responsible for user authentication. After that, the user should be able to open any microfrontend within the shell app without any authentication requests, though having proper authorization (roles, groups, scopes) within those microfrontends.

I see two possible ways here:

  1. The shell app obtains a ‘universal’ token, which allows access to all the microfrontends, including a multivalued ‘aud’ field and all relevant roles, groups and scopes. Then, the SPA can pass that token to each microfrontend being accessed using JavaScript.
  2. Each microfrontend being accessed within the SPA obtains its own tokens in a way that is transparent to the user. There should not be any redirects visible to the user.

Which way is correct? Is it possible to configure?

Thank you.
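The two options in the question above, as an added example that is not part of the original thread: a shell-side check of decoded token claims before mounting a microfrontend, plus a helper showing how far each kind of token reaches. The microfrontend names, audiences, and the `scp`/`scope`/`groups` claim layout are assumptions.

```javascript
// Constructed microfrontend requirements; names and audiences are assumptions.
const REQUIREMENTS = {
  orders:  { aud: "api://orders",  scopes: ["orders.read"],  groups: [] },
  billing: { aud: "api://billing", scopes: ["billing.read"], groups: ["finance"] },
};

// "aud" may be a string or an array (RFC 7519); scopes may arrive as an
// "scp" array or a space-delimited "scope" string. Normalize both to arrays.
function asList(value) {
  if (Array.isArray(value)) return value;
  if (typeof value === "string") return value.split(" ").filter(Boolean);
  return [];
}

// Decide whether the shell may mount a microfrontend for these decoded claims.
// This only gates the UI: each backend still has to verify the token signature
// and check "aud" for itself.
function canMount(name, claims, nowSeconds) {
  if (!Object.hasOwn(REQUIREMENTS, name)) return { ok: false, reason: "unknown microfrontend" };
  const req = REQUIREMENTS[name];
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds)
    return { ok: false, reason: "token expired" };
  if (!asList(claims.aud).includes(req.aud))
    return { ok: false, reason: "audience mismatch" };
  const scopes = asList(claims.scp ?? claims.scope);
  const missingScope = req.scopes.find((s) => !scopes.includes(s));
  if (missingScope) return { ok: false, reason: `missing scope ${missingScope}` };
  const groups = Array.isArray(claims.groups) ? claims.groups : [];
  const missingGroup = req.groups.find((g) => !groups.includes(g));
  if (missingGroup) return { ok: false, reason: `missing group ${missingGroup}` };
  return { ok: true, reason: "ok" };
}

// Which microfrontends' audiences does a token reach? For a 'universal' token
// this is every one of them, so any microfrontend holding it can call them all.
function reach(claims) {
  const auds = asList(claims.aud);
  return Object.keys(REQUIREMENTS).filter((n) => auds.includes(REQUIREMENTS[n].aud));
}

// Constructed claims: option 1 (universal) vs option 2 (one token per microfrontend).
const universal = { aud: ["api://orders", "api://billing"], exp: 2000,
  scp: ["orders.read", "billing.read"], groups: ["finance"] };
const ordersOnly = { aud: "api://orders", exp: 2000, scope: "orders.read" };
```

With the universal token, `reach` returns every microfrontend, so a flaw in one microfrontend exposes a token valid for all of them; the per-microfrontend token limits that to a single audience.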

JHipster has support for microfrontends with Angular and Okta. All the authentication is done on the backend so the SPAs don’t have to worry about it. This is the approach I recommend.

https://www.jhipster.tech/creating-microservices/#microfrontends

Hi @mraible!

I followed the link and did not find any information about the approach: how tokens are configured, obtained and passed to microfrontends, and what attributes and claims they contain.

Also, we use different technology stacks for our apps, which makes it difficult to depend on JHipster.