Modern web development means that more and more application code is running in the browser. Traditionally this has been JavaScript but more recently there has been the trend to use C# with Blazor. These modern applications are often secured with token-based security using the OpenID Connect and OAuth protocols. But there are different patterns for using token-based security and this session covers some of the pitfalls of the various approaches, especially given the ever-changing browser landscape. We will focus on the "backend for frontend" (or BFF) pattern which has become the most secure and stable of these approaches.

You will learn:

• Understand the threats SPA applications face
• Evaluate the pros and cons of OAuth options for SPAs
• Explain how the BFF pattern provides the most secure design for SPAs