Securing SPAs and Blazor Applications Using the BFF Pattern

Explore the intricacies of securing Single Page Applications (SPAs) and Blazor applications using the Backend for Frontend (BFF) pattern in this comprehensive conference talk. Delve into the challenges of modern web development, including authentication, single sign-on, and token-based security for API calls. Examine various security patterns, their pitfalls, and the impact of evolving browser landscapes. Discover why the BFF pattern has emerged as the most secure and stable approach for implementing OpenID Connect and OAuth 2 in browser-based applications. Learn about token transmission, storage, and renewal strategies, as well as the implications of browser standardization and security changes. Gain insights into the classic server-side model, API reverse proxy, and token management mode. By the end of this talk, acquire a deep understanding of how to effectively implement the BFF pattern to enhance the security of your web applications.

Introduction
Transmission of tokens over URLs
Token storage in browsers
How to get new access tokens
JavaScript library
Browser standardization
Brave
Browser Changes
Browser Security
Backend for Frontend
Classic Server Side Model
How does it work
Full disclosure
Do we expose login and log out
OpenID Connect Authentication Handler
User Endpoint
Cookie Handler
Session Change Notifications
API
Reverse Proxy
Token Management Mode
BFF Styles