Hardening Single Page Application Security

Hardening Single Page Application Security

Sign In To Access The Webinar

When it comes to user experience and infrastructure management, Single Page Applications (SPA) are great, but securing them can be difficult. Since SPAs require access tokens to call APIs, it is challenging to store these in the browser securely. The solution to this problem is an advancement of the common Backend for Frontend (BFF) design pattern. In this expanded form, called the Token Handler, the lightweight back-end component simplifies the security of the SPA using a BFF to ease the OAuth integration.

The Token Handler, a BFF for OAuth and SPAs, is an architecture where web applications transfer the handling of OAuth to a utility API. This trusted agent is able to perform more secure interactions with the OAuth authorization server and store access tokens in a safe manner. It exposes these to the SPA using robust browser security techniques. Using the Token Handler pattern maintains the usability and deployment benefits of a SPA architecture without compromising security.

In this upcoming webinar, we will discuss challenges confronting SPAs developers and operators, how OAuth can be used correctly and incorrectly in SPAs, and how these challenges and errors can be overcome using the Token Handler pattern.

Attendees will leave the session with:

  • Knowledge of security best practices when developing SPAs;
  • Best recommended practices for using OAuth with SPAs;
  • An understanding of the benefits of choosing the Token Handler pattern; and
  • Practical recommendations to implement the Token Handler pattern.

Presented by:

Michal Trojanowski

Michal Trojanowski

Product Marketing Engineer at Curity
X IconFollow

Gary Archer

Gary Archer

Product Marketing Engineer at Curity

Next steps

Ready to modernize IAM?

Start Today - Build security and improve ease of use to stay ahead of the competition.