WarsawJS Talk
Single Page Applications appear simple at first sight. Web developers provide a superb user experience, and it is also relatively easy to implement token-based security in the browser. Yet this is against current best practices for browser-based apps, and security concerns can become a blocking issue. It is instead recommended to implement a Backend for Frontend (BFF), to reduce browser threats. Yet this often results in the adoption of website technologies to issue secure cookies, which can work against other web architecture goals. In this talk, I will show how a separation of web and API concerns can give you the best choices. In the talk, I will present the Token Handler pattern — Curity's variation of the Backend For Frontend approach. I will show the open-source projects we created to facilitate the implementation of the pattern.
Michał Trojanowski is a Product Marketing Engineer at Curity. He has over 10 years of experience working as a developer in various technologies and languages. He's no stranger to backends, frontends, APIs, or mobile apps. That experience has helped him turn to his current role, where he helps people better understand authentication, OAuth, OpenID Connect, or JWTs. Keen to share his knowledge of identity and security-related topics.
View Full Profile