Session 8: OAuth for Single Page Applications

Single Page Application run without a backend. All logic happens in the browser using JavaScript. To retrieve a token in order to call APIs certain measures should be taken. You will learn the best practice and we explore multiple ways SPAs can make use of OAuth.

PKCE - Proof Key Code Exchange
Code Flow with an SPA
Depending on the SSO Session
Assisted Token
Using a Backend for Frontend

Related resources

Web Client SSO with OpenID Connect
Proof Key for Code Exchange

Back to course

Course Outline

Session 1: Introduction to OAuth

Session 2: OAuth vs OpenID Connect

Session 3: Tokens and APIs

Session 4: Server to Server Communication with OAuth

Session 5: Design tokens for your APIs

Session 6: Dynamic Clients and Metadata

Session 7: OAuth for Mobile Applications

Session 8: OAuth for Single Page Applications

Next steps

Ready to modernize IAM?

Start Today - Build security and improve ease of use to stay ahead of the competition.

Start a Free Trial

Schedule a demo

Speak to an Identity Specialist

Explore learning resources

Products

Features and Capabilities

Deployment and Management

Security Solutions

Industry

Identity & Access Management Resources

Developers

Learn More

What is Access Control?

Curity's Judith Kahrer speaking at Apidays Helsinki & North 2025

Session 8: OAuth for Single Page Applications

Related resources

Course Outline

Session 1: Introduction to OAuth

Session 2: OAuth vs OpenID Connect

Session 3: Tokens and APIs

Session 4: Server to Server Communication with OAuth

Session 5: Design tokens for your APIs

Session 6: Dynamic Clients and Metadata

Session 7: OAuth for Mobile Applications

Session 8: OAuth for Single Page Applications

Ready to modernize IAM?