Hardening Single Page Application Security

When it comes to user experience and infrastructure management, Single Page Applications (SPAs) are great, but securing them can be difficult. SPAs require access tokens to call APIs, and it is challenging to store these tokens securely in the browser. The solution to this problem is an advancement of the common Backend for Frontend (BFF) design pattern. In this expanded form, called the Token Handler, a lightweight back-end component acts as a BFF that eases the OAuth integration and simplifies the security of the SPA.

The Token Handler, a BFF for OAuth and SPAs, is an architecture where web applications transfer the handling of OAuth to a utility API. This trusted agent is able to perform more secure interactions with the OAuth authorization server and store access tokens in a safe manner. It exposes these to the SPA using robust browser security techniques. Using the Token Handler pattern maintains the usability and deployment benefits of a SPA architecture without compromising security.

In this upcoming webinar, we will discuss the challenges confronting SPA developers and operators, how OAuth can be used correctly and incorrectly in SPAs, and how these challenges and errors can be overcome using the Token Handler pattern.

Attendees will leave the session with:

  • Knowledge of security best practices when developing SPAs;
  • Best recommended practices for using OAuth with SPAs;
  • An understanding of the benefits of choosing the Token Handler pattern; and
  • Practical recommendations to implement the Token Handler pattern.

Presented by:

Michal Trojanowski

Product Marketing Engineer at Curity

Gary Archer

Product Marketing Engineer at Curity
