OAuth for Web
Overview of the Token Handler Pattern
The Token Handler Pattern proposes a scenario where each web application implements its OAuth security work via a utility API.
CDN
SPA
1st party cookie
1st party cookie
Token Handler
Authorization Server
APIs
By using the Token Handler Pattern you can separate Web and API concerns to combine the best features of Single Page Apps with Website security. This requires a utility API to implement OAuth requests on behalf of the web client. In the browser only the latest secure HTTP Only cookies are used, with the SameSite=strict property. Your backend code does not need to deal with cookies, and instead a reverse proxy plugin deals with forwarding JWTs to APIs.
Best Browser Security
Great User Experience
Simple Code
Explore Token Handler Pattern Resources
The Token Handler Pattern for Single Page Applications
Article
Token Handler Overview
Article
Token Handler Deployment Patterns
Article
An example React SPA following modern best practices for browser based apps
Code Repository
A tutorial for the React SPA code example
Code Example
Code Example
An End-to-End tutorial to explain Token Handler Deployment
A Node.js OAuth Agent
Code Repository
Code Example
A tutorial on the Node.js OAuth Agent
A Financial-grade OAuth Agent in Kotlin
Code Repository
Code Example
A tutorial on the Financial-grade OAuth Agent
OAuth Proxy Plugin for NGINX using Lua
Code Repository
How-to
A tutorial for the NGINX Lua OAuth Proxy Plugin
OAuth Proxy Plugin for the Cloudflare CDN
Code Repository
A tutorial for the Cloudflare OAuth Proxy
How-to
OAuth Proxy Plugin for the AWS API Gateway
Code Repository
A tutorial for the AWS OAuth Proxy
How-to
OAuth Proxy Policy for Azure API Management
Code Repository
A tutorial for the Azure API Management OAuth Proxy
How-to
