OAuth for Web

Overview of the Token Handler Pattern

The Token Handler Pattern proposes a scenario where each web application implements its OAuth security work via a utility API.

[Diagram: OAuth for Web. Components shown: CDN, Single Page Application (SPA), Token Handler, Authorization Server, APIs. Labels: 3rd party cookie, 1st party cookie, JWT.]

The Token Handler Pattern separates web and API concerns, combining the best features of Single Page Apps with website security. It requires a utility API that makes OAuth requests on behalf of the web client. The browser uses only the latest secure, HTTP-only cookies, set with the SameSite=strict property. Your backend code does not need to deal with cookies; instead, a reverse proxy plugin forwards JWTs to APIs.
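The cookie-to-JWT hand-off described above, sketched as an added example that is not code from this page or from any product it describes. It assumes the cookie carries the access token encrypted with AES-256-GCM under a key shared by the utility API and the proxy plugin; the cookie name, function names and sample token are hypothetical.

```javascript
// Added example. Cookie name, key handling and function names are assumptions.
const crypto = require('node:crypto');

const COOKIE_NAME = 'th-at';         // hypothetical cookie name
const KEY = crypto.randomBytes(32);  // assumption: key shared by utility API and proxy plugin

// Utility API side: the browser only ever receives ciphertext, in a cookie
// that scripts cannot read (HttpOnly) and that is not sent cross-site.
function issueCookie(accessToken) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', KEY, iv);
  const ct = Buffer.concat([cipher.update(accessToken, 'utf8'), cipher.final()]);
  const value = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
  return `${COOKIE_NAME}=${value}; HttpOnly; Secure; SameSite=Strict; Path=/`;
}

// Reverse proxy side: swap the cookie for an Authorization header so the
// API behind the proxy only ever deals with a JWT.
function cookieToBearer(headers) {
  const pattern = new RegExp(`(?:^|;\\s*)${COOKIE_NAME}=([^;]+)`);
  const m = (headers.cookie || '').match(pattern);
  if (!m) return { status: 401 };    // no token cookie on the request
  try {
    const raw = Buffer.from(m[1], 'base64url');
    const decipher = crypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const token = Buffer.concat([
      decipher.update(raw.subarray(28)),
      decipher.final(),              // throws if the cookie was altered
    ]).toString('utf8');
    const { cookie, ...rest } = headers;  // cookies stop at the proxy
    return { status: 200, headers: { ...rest, authorization: `Bearer ${token}` } };
  } catch {
    return { status: 401 };          // tampered, truncated or foreign cookie
  }
}
```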

Best Browser Security

Great User Experience

Simple Code

Robust and Secure

Strong security in the browser

Modern user experience

Simple code

Deploy anywhere
