Curity Token Handler

Secure Single Page Applications with Curity Token Handler

With the Curity Token Handler, organizations can leverage SPA business advantages, like streamlined user experiences and fast deployment, without sacrificing security.

Single Page Application Security Challenges We Address

The Curity Token Handler is a Backend for Frontend (BFF) authentication solution that addresses browser-based authentication security concerns.

Secure authentication without a firewall-protected backend

Lengthy and resource-heavy development

Inability to secure API calls in the browser

Cyber threats like token exfiltration and cross-site scripting (XSS)

How Curity Enables Single Page Application Security

Backend for Frontend Authentication in the Browser

Securing API access calls from the browser eliminates the need for a network-protected backend data connection for identity verification.

Follows OAuth Best Practices for Browser-Based Applications

Issuing secure cookies in an OAuth agent and translating them to tokens via an OAuth proxy on an API gateway separates web from API concerns.

Customized for Popular API Gateways

The Curity Token Handler offers plug-and-play compatibility with popular gateways, including Azure API Management, Google Apigee, AWS, Kong and NGINX.

Ready-To-Deploy, Low-Code Solution

A fully developed and tested solution that offers simple implementation and integration to save resources and support fast application launch.

The Token Handler Pattern

The token handler pattern does two things. First, it issues only the most secure HttpOnly, SameSite=Strict cookies on behalf of the SPA. These are first-party cookies, so they are not subject to the browser restrictions that apply to third-party cookies. Second, all API requests are routed via an API gateway rather than a web backend.
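The two halves of the pattern described above, as an added sketch that is not Curity's code: an OAuth agent function that issues the cookie, and an OAuth proxy function that swaps the cookie for a bearer token at the gateway. The cookie name, the in-memory store and the use of an opaque reference as the cookie value are assumptions made for illustration; this page does not describe how the product protects cookie contents.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "__Host-th-session"  # hypothetical cookie name
_token_store = {}                  # assumption: server-side map, cookie value -> access token


def issue_cookie(access_token: str) -> str:
    """OAuth agent side: return a Set-Cookie header value for the SPA."""
    session_id = secrets.token_urlsafe(32)  # opaque value, carries no token material
    _token_store[session_id] = access_token
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = session_id
    morsel = cookie[COOKIE_NAME]
    morsel["httponly"] = True      # not readable by page JavaScript, so XSS cannot exfiltrate it
    morsel["secure"] = True        # only sent over HTTPS
    morsel["samesite"] = "Strict"  # never attached to cross-site requests
    morsel["path"] = "/"
    return morsel.OutputString()


def translate_request(headers: dict) -> tuple:
    """OAuth proxy side: replace the cookie with a bearer token before the API sees it."""
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    morsel = jar.get(COOKIE_NAME)
    token = _token_store.get(morsel.value) if morsel else None
    if token is None:
        return 401, {}             # missing or unknown cookie: reject at the gateway
    # Drop the cookie and any client-supplied Authorization header, then set our own.
    upstream = {k: v for k, v in headers.items()
                if k.lower() not in ("cookie", "authorization")}
    upstream["Authorization"] = f"Bearer {token}"
    return 200, upstream


if __name__ == "__main__":
    set_cookie = issue_cookie("constructed-access-token")  # constructed sample token
    print("Set-Cookie:", set_cookie)
    browser_cookie = set_cookie.split(";")[0]               # what the browser sends back
    print(translate_request({"Cookie": browser_cookie, "Accept": "application/json"}))
```

The API behind the gateway only ever sees the `Authorization` header, and the browser only ever holds the cookie, which is the separation of web and API concerns the pattern aims for.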

