Available starting with FlowX.AI 5.5.0Container app authentication provides built-in authentication handling for applications that embed FlowX UI Flows.
Overview
A container app is any web or mobile application that embeds FlowX UI Flows using the FlowX renderers (Angular, React, iOS, or Android SDKs). Container apps are responsible for authenticating end users before rendering FlowX content. FlowX.AI 5.5.0 enhances the container app authentication flow with built-in support for OAuth2/OIDC authentication, custom landing pages, and improved session management.Key features
Authentication providers
Support for multiple OAuth2/OIDC authentication providers via Keycloak integration
Custom landing page
Configure a landing page for unauthenticated users with organization branding
Session management
Automatic token refresh, silent refresh support, and redirect URI persistence
SSO integration
Single sign-on across container apps within the same organization
How it works
The container app authentication flow handles the following:Organization resolution
The container app resolves the organization context using the hostname or an organization code. This determines which Keycloak realm and authentication configuration to use.
Authentication redirect
Unauthenticated users are redirected to the configured identity provider (Keycloak) for login. The redirect URI is persisted in local storage to restore the user’s navigation state after authentication.
Token management
After successful authentication, the container app manages access tokens with automatic refresh. Silent refresh keeps the session alive without requiring user interaction.
Configuration
Authentication setup
Container apps authenticate using OAuth2/OIDC with the following configuration:| Parameter | Description |
|---|---|
| Organization code | Identifies the organization for multi-tenant environments. Can be derived from the hostname or provided explicitly. |
| Keycloak realm | The Keycloak realm associated with the organization |
| Client ID | The OAuth2 client ID registered in Keycloak for the container app |
| Redirect URI | The URI to redirect to after authentication. Persisted across browser sessions. |
Landing page
You can configure a custom landing page that appears for unauthenticated users. This page can include:- Organization branding and logo
- Login button that initiates the authentication flow
- Links to support or documentation
Session behavior
| Behavior | Description |
|---|---|
| Token refresh | Access tokens are refreshed automatically before expiration |
| Silent refresh | Background token renewal without user interaction |
| Redirect persistence | The user’s intended destination is stored and restored after login |
| Session timeout | Configurable session duration based on Keycloak realm settings |
SDK integration
Each FlowX renderer SDK handles container app authentication:- Angular
- React
- iOS
- Android
The Angular SDK integrates with
angular-oauth2-oidc for authentication handling. Configure the OAuth2 module in your app with the Keycloak endpoints for your organization.For setup details, see the Angular SDK documentation.