@nerg4l
Last active September 18, 2019 13:55
SPA Authentication Flow for Browser Applications

This gist is a collection of resources on the topic of SPA Authentication Flow for Browser Applications.

OAuth 2.0 for Browser-Based Apps

Token storage on client side

Conclusion

The simplest solution for SPA Authentication Flow for Browser Applications is to have a normal session-based authentication flow and an API Gateway. Whenever the client needs data from the API, it calls the gateway, which authenticates the client and then calls the API on its behalf. After the gateway receives the data, it simply returns it to the client unmodified.

+---------+
|   API   |
+---------+
   ^   |
   |   | Some kind of token to identify the Gateway application, e.g. an OAuth 2.0 token.
   |   v
+---------+
| Gateway |
+---------+
   ^   |
   |   | Browser cookie based authentication flow.
   |   v
+---------+
|   SPA   |
+---------+
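
The flow in the diagram, sketched as an added Python example (not code from this gist): the browser holds only an HttpOnly session cookie, and the gateway attaches its own API token when it calls the API. The names login, gateway and fake_api, the sid cookie, the cookie attributes and the token value are assumptions made for illustration; sessions live in an in-memory dict and the upstream API is a stand-in function.

```python
import secrets
from http.cookies import SimpleCookie

API_TOKEN = "constructed-gateway-token"  # placeholder; known only to gateway and API
SESSIONS = {}                            # session id -> user (in-memory, illustration only)


def login(user):
    """Create a server-side session and return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True      # not readable from SPA JavaScript
    cookie["sid"]["secure"] = True        # sent over HTTPS only
    cookie["sid"]["samesite"] = "Strict"  # not attached to cross-site requests
    return cookie["sid"].OutputString()


def fake_api(path, headers):
    """Stand-in for the upstream API: accepts only the gateway's bearer token."""
    if headers.get("Authorization") != "Bearer " + API_TOKEN:
        return 401, b'{"error":"bad token"}'
    return 200, b'{"resource":"%s"}' % path.encode()


def gateway(path, headers, upstream=fake_api):
    """Authenticate the browser by session cookie, then call the API as the gateway."""
    cookie = SimpleCookie(headers.get("Cookie", ""))
    user = SESSIONS.get(cookie["sid"].value) if "sid" in cookie else None
    if user is None:
        return 401, b'{"error":"not logged in"}'
    # Upstream headers are built from scratch: nothing the browser sent,
    # including any Authorization header, is forwarded to the API.
    upstream_headers = {"Authorization": "Bearer " + API_TOKEN}
    return upstream(path, upstream_headers)  # status and body passed back unmodified


if __name__ == "__main__":
    set_cookie = login("alice")
    print("Set-Cookie:", set_cookie)
    print(gateway("/items", {"Cookie": set_cookie.split(";")[0]}))
    print(gateway("/items", {}))
```
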