OAuth for Web

Overview of the Token Handler Pattern

The Token Handler Pattern proposes a scenario where each web application implements its OAuth security work via a utility API.

Schedule a Demo Start free trial

CDN

SPA

1^st party cookie

Token Handler

Authorization Server

JWT

APIs

By using the Token Handler Pattern you can separate Web and API concerns to combine the best features of Single Page Apps with Website security. This requires a utility API to implement OAuth requests on behalf of the web client. In the browser only the latest secure HTTP Only cookies are used, with the SameSite=strict property. Your backend code does not need to deal with cookies, and instead a reverse proxy plugin deals with forwarding JWTs to APIs.

Best Browser Security

Great User Experience

Simple Code

Explore Token Handler Pattern Resources

A .NET OAuth Agent

Code Repository

A Financial-grade OAuth Agent in Kotlin

Code Repository

A Kotlin OAuth Agent

Code Repository

A Next.js OAuth Agent implementation

Code Repository

A Node.js OAuth Agent

Code Repository

A tutorial for the AWS OAuth Proxy

How-to

A tutorial for the Azure API Management OAuth Proxy

How-to

A tutorial for the Cloudflare OAuth Proxy

How-to

A tutorial for the Next.js OAuth Agent

Code Example

A tutorial for the NGINX Lua OAuth Proxy Plugin

How-to

A tutorial for the React SPA code example

Code Example

A tutorial on the .NET OAuth Agent

Code Example

A tutorial on the Financial-grade OAuth Agent

Code Example

A tutorial on the Kotlin OAuth Agent

Code Example

A tutorial on the Node.js OAuth Agent

Code Example

An End-to-End tutorial to explain Token Handler Deployment

Code Example

An example React SPA following modern best practices for browser based apps

Code Repository

OAuth Proxy Plugin for NGINX using Lua

Code Repository

OAuth Proxy Plugin for the AWS API Gateway

Code Repository

OAuth Proxy Plugin for the Cloudflare CDN

Code Repository

OAuth Proxy Policy for Azure API Management

Code Repository

The Token Handler Pattern for Single Page Applications

Article

Token Handler Deployment Patterns

Article

Token Handler Development Setup

Article

Token Handler Overview

Article

Robust and Secure

Strong security in the browser

Modern user experience

Simple code

Deploy anywhere

Explore Token Service

Discover the Power of Curity Identity Server

Product Overview

Authentication Service

Token Service

User Management Service

Configuration

Deployment

Standards & Conformance

Product Plans

Monitoring and Metrics

Alarms

Overview

Architecture

Learn More

SECURITY SOLUTIONS

INDUSTRY

Decentralized Identity

Get Ready for a Paradigm Shift

Resource Library

Tutorials & Guides

Learn More

Overview of the Token Handler Pattern

Explore Token Handler Pattern Resources

A .NET OAuth Agent

A Financial-grade OAuth Agent in Kotlin

A Kotlin OAuth Agent

A Next.js OAuth Agent implementation

A Node.js OAuth Agent

A tutorial for the AWS OAuth Proxy

A tutorial for the Azure API Management OAuth Proxy

A tutorial for the Cloudflare OAuth Proxy

A tutorial for the Next.js OAuth Agent

A tutorial for the NGINX Lua OAuth Proxy Plugin

A tutorial for the React SPA code example

A tutorial on the .NET OAuth Agent

A tutorial on the Financial-grade OAuth Agent

A tutorial on the Kotlin OAuth Agent

A tutorial on the Node.js OAuth Agent

An End-to-End tutorial to explain Token Handler Deployment

An example React SPA following modern best practices for browser based apps

OAuth Proxy Plugin for NGINX using Lua

OAuth Proxy Plugin for the AWS API Gateway

OAuth Proxy Plugin for the Cloudflare CDN

OAuth Proxy Policy for Azure API Management

The Token Handler Pattern for Single Page Applications

Token Handler Deployment Patterns

Token Handler Development Setup

Token Handler Overview

Robust and Secure

Strong security in the browser

Modern user experience

Simple code

Deploy anywhere

Discover the Power of Curity Identity Server

Start Today