OAuth for Web

Overview of the Token Handler Pattern

The Token Handler Pattern proposes a scenario where each web application implements its OAuth security work via a utility API.

Schedule a Demo Start free trial

CDN

SPA

1^st party cookie

1^st party cookie

Token Handler

Authorization Server

JWT

JWT

APIs

By using the Token Handler Pattern you can separate Web and API concerns to combine the best features of Single Page Apps with Website security. This requires a utility API to implement OAuth requests on behalf of the web client. In the browser only the latest secure HTTP Only cookies are used, with the SameSite=strict property. Your backend code does not need to deal with cookies, and instead a reverse proxy plugin deals with forwarding JWTs to APIs.

Best Browser Security

Great User Experience

Simple Code

Explore Token Handler Pattern Resources

A .NET OAuth Agent

Code Repository

A Financial-grade OAuth Agent in Kotlin

Code Repository

A Kotlin OAuth Agent

Code Repository

A Next.js OAuth Agent implementation

Code Repository

A Node.js OAuth Agent

Code Repository

A tutorial for the AWS OAuth Proxy

How-to

A tutorial for the Azure API Management OAuth Proxy

How-to

A tutorial for the Cloudflare OAuth Proxy

How-to

A tutorial for the Next.js OAuth Agent

Code Example

A tutorial for the NGINX Lua OAuth Proxy Plugin

How-to

A tutorial for the React SPA code example

Code Example

A tutorial on the .NET OAuth Agent

Code Example

A tutorial on the Financial-grade OAuth Agent

Code Example

A tutorial on the Kotlin OAuth Agent

Code Example

A tutorial on the Node.js OAuth Agent

Code Example

An End-to-End tutorial to explain Token Handler Deployment

Code Example

An example React SPA following modern best practices for browser based apps

Code Repository

OAuth Proxy Plugin for NGINX using Lua

Code Repository

OAuth Proxy Plugin for the AWS API Gateway

Code Repository

OAuth Proxy Plugin for the Cloudflare CDN

Code Repository

OAuth Proxy Policy for Azure API Management

Code Repository

The Token Handler Pattern for Single Page Applications

Article

Token Handler Deployment Patterns

Article

Token Handler Development Setup

Article

Token Handler Overview

Article

Robust and Secure

Strong security in the browser

Modern user experience

Simple code

Deploy anywhere

Explore Token Service

Discover the Power of Curity Identity Server

Product Overview

Authentication Service

Token Service

User Management Service

Configuration

Deployment

Standards & Conformance

Product Plans

Monitoring and Metrics

Alarms

Next steps

Start Today

Ready to modernize IAM? Build security and improve ease of use to stay ahead of the competition.

Start a Free Trial

Start a Free Trial

Schedule a demo

Schedule a demo

Speak to an Identity Specialist

Speak to an Identity Specialist

Explore learning resources

Explore learning resources