Instead of interacting with Keycloak, the frontend navigates to the /authenticate endpoint, which starts the Authorization Code flow. When the flow is done, the backend redirects back to the SPA, passing a session cookie and a CSRF cookie.

Done:
- Query GET user/me to determine if the user is authenticated yet
- Remove the Keycloak JS dependency, as all the OIDC logic is handled by the backend
- Store the user's data instead of the JWT token
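As an added illustration (not code from this commit or the project), here is what the SPA side of that backend-driven flow can look like in plain JavaScript: parse the cookie jar, attach the session cookie automatically via `credentials: "include"`, echo the CSRF cookie in a header on state-changing requests (double-submit), and interpret the GET /user/me answer to either keep the user profile or send the browser to /authenticate. The cookie name `csrf`, the header name `X-CSRF-Token`, the `/user/me` path form, and the 200/401 response contract are assumptions, not taken from the commit.

```javascript
// Added example (not from the original commit): SPA side of the
// backend-driven Authorization Code flow once the Keycloak JS adapter is gone.
// Assumptions (not stated in the commit): the CSRF cookie is named "csrf" and
// is echoed back in an "X-CSRF-Token" header (double-submit pattern); the
// backend answers GET /user/me with 200 + JSON on a valid session, 401 otherwise.

const CSRF_COOKIE = "csrf";          // assumed cookie name
const CSRF_HEADER = "X-CSRF-Token";  // assumed header name
const USER_ME = "/user/me";          // assumed path form of "GET user/me"
const AUTHENTICATE = "/authenticate";

// Parse a document.cookie-style string into a name -> value map.
// Values are URI-decoded; malformed pairs are skipped rather than thrown on.
function parseCookies(cookieString) {
  const out = {};
  for (const part of (cookieString || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (!name) continue;
    let value = part.slice(idx + 1).trim();
    try { value = decodeURIComponent(value); } catch (_) { /* keep raw value */ }
    out[name] = value;
  }
  return out;
}

// Build fetch options for a call to the backend.
// credentials: "include" makes the browser attach the session cookie (which
// is HttpOnly, so script never reads it). State-changing requests also carry
// the CSRF cookie value in a header so the backend can compare both copies.
function buildRequestInit(method, cookieString, body) {
  const init = { method, credentials: "include", headers: { Accept: "application/json" } };
  if (!["GET", "HEAD", "OPTIONS"].includes(method.toUpperCase())) {
    const token = parseCookies(cookieString)[CSRF_COOKIE];
    if (!token) throw new Error("missing CSRF cookie; start the login flow first");
    init.headers[CSRF_HEADER] = token;
    if (body !== undefined) {
      init.headers["Content-Type"] = "application/json";
      init.body = JSON.stringify(body);
    }
  }
  return init;
}

// Decide what the SPA does after GET /user/me. Only the user profile is kept;
// the JWT never reaches the browser, so there is nothing to put in localStorage.
function resolveAuthState(status, payload) {
  if (status === 200 && payload && typeof payload === "object") {
    return { authenticated: true, user: payload, redirectTo: null };
  }
  if (status === 401 || status === 403) {
    return { authenticated: false, user: null, redirectTo: AUTHENTICATE };
  }
  throw new Error(`unexpected response from ${USER_ME}: ${status}`);
}

// Browser entry point: check the session and either render or start the flow.
// fetchImpl is injectable so the logic can be exercised outside a browser.
async function bootstrap(fetchImpl = globalThis.fetch) {
  const res = await fetchImpl(USER_ME, buildRequestInit("GET", ""));
  const payload = res.status === 200 ? await res.json() : null;
  const state = resolveAuthState(res.status, payload);
  if (state.redirectTo) {
    window.location.assign(state.redirectTo); // backend runs the code flow
  }
  return state;
}
```

In the browser, `bootstrap()` is called once at app start; whatever it returns is what the SPA stores (a user object, never a token), and a 401 sends the browser to the backend's /authenticate endpoint so the backend, not the SPA, talks to Keycloak.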