Securing Single Page Applications Using The Token Handler Pattern
Single Page Applications appear simple at first sight. Web developers provide a superb user experience, and it is also relatively easy to implement token-based security in the browser. Yet this is against current best practices for browser-based apps, and security concerns can become a blocking issue. It is instead recommended to implement a Backend for Frontend (BFF), to reduce browser threats. Yet this often results in the adoption of website technologies to issue secure cookies, which can work against other web architecture goals. In this talk, I will show how a separation of web and API concerns can give you the best choices. In the talk, I will present the Token Handler Pattern — Curity's variation of the Backend For Frontend approach. I will show the open-source projects we created that facilitate the implementation of the pattern.
React Berlin
React Berlin is a local meetup and community about all things related to the Ecosystem behind React(.js) and React Native. Based in Berlin, but open to international speakers and attendees.
Meetup organization is a joint work of local React enthusiasts and React Day Berlin conference
If you're an event organizer, or React enthusiast willing to collaborate, please reach us by mail, we're open to any kind of partnership - hi@reactday.berlin.
To propose a talk, or a venue, please fill in the corresponding forms, and we will reach you!
Call for speakers: https://forms.gle/ptpR6b1eLZ6WcZgi7
Venue proposal form: https://shorturl.at/nor23
By joining this group you agree to comply to our Code of Conduct
Mastering Secure Login Mechanisms for React Applications
Source code: https://github.com/harsha1979/reactatx-samples
Slides: https://github.com/harsha1979/reactatx-samples/blob/main/ReactLogin-Slides.pdf
This presentation addresses challenges in implementing secure and efficient login mechanisms for React applications.
The session will comprehensively explore login functionalities, ranging from fundamental authentication processes to advanced implementations such as Single Sign-On (SSO), Multi-Factor Authentication (MFA), and social login integrations. Attendees will gain hands-on insights into leveraging the Asgardeo React SDK to achieve OpenID Connect (OIDC) compliance, streamline token management, and adhere to best practices for robust application security.
Key Highlights:
- Overcoming Challenges in React Application Login and User Management
- Understand the common pitfalls and obstacles faced during the implementation of user authentication in React applications and explore strategies to overcome them effectively.
- Implementing Basic and Advanced Authentication Methods
- Dive into the practical steps for setting up basic login processes, along with advanced features such as MFA and SSO to enhance user experience and security.
- Building Secure Authentication Flows with the Asgardeo React SDK
- Learn how to utilize the Asgardeo React SDK to implement secure and efficient authentication flows that comply with modern security standards.
Harsha Thirimanna
Platform Sponsors
Torc is a community-first platform bringing together remote-first software engineer and developer opportunities from across the globe. Join a network that’s all about connection, collaboration, and finding your next big move — together.
Join our community today!
Don't let broken lines of code, busted API calls, and crashes ruin your app. Join the 4M developers and 90K organizations who consider Sentry “not bad” when it comes to application monitoring. Use code “guild” for 3 free months of the team plan.
https://sentry.io
Securing Single Page Applications Using The Token Handler Pattern
Single Page Applications appear simple at first sight. Web developers provide a superb user experience, and it is also relatively easy to implement token-based security in the browser. Yet this is against current best practices for browser-based apps, and security concerns can become a blocking issue. It is instead recommended to implement a Backend for Frontend (BFF), to reduce browser threats. Yet this often results in the adoption of website technologies to issue secure cookies, which can work against other web architecture goals. In this talk, I will show how a separation of web and API concerns can give you the best choices. In the talk, I will present the Token Handler Pattern — Curity's variation of the Backend For Frontend approach. I will show the open-source projects we created that facilitate the implementation of the pattern.
React Berlin
React Berlin is a local meetup and community about all things related to the Ecosystem behind React(.js) and React Native. Based in Berlin, but open to international speakers and attendees.
Meetup organization is a joint work of local React enthusiasts and React Day Berlin conference
If you're an event organizer, or React enthusiast willing to collaborate, please reach us by mail, we're open to any kind of partnership - hi@reactday.berlin.
To propose a talk, or a venue, please fill in the corresponding forms, and we will reach you!
Call for speakers: https://forms.gle/ptpR6b1eLZ6WcZgi7
Venue proposal form: https://shorturl.at/nor23
By joining this group you agree to comply to our Code of Conduct
Mastering Secure Login Mechanisms for React Applications
Source code: https://github.com/harsha1979/reactatx-samples
Slides: https://github.com/harsha1979/reactatx-samples/blob/main/ReactLogin-Slides.pdf
This presentation addresses challenges in implementing secure and efficient login mechanisms for React applications.
The session will comprehensively explore login functionalities, ranging from fundamental authentication processes to advanced implementations such as Single Sign-On (SSO), Multi-Factor Authentication (MFA), and social login integrations. Attendees will gain hands-on insights into leveraging the Asgardeo React SDK to achieve OpenID Connect (OIDC) compliance, streamline token management, and adhere to best practices for robust application security.
Key Highlights:
- Overcoming Challenges in React Application Login and User Management
- Understand the common pitfalls and obstacles faced during the implementation of user authentication in React applications and explore strategies to overcome them effectively.
- Implementing Basic and Advanced Authentication Methods
- Dive into the practical steps for setting up basic login processes, along with advanced features such as MFA and SSO to enhance user experience and security.
- Building Secure Authentication Flows with the Asgardeo React SDK
- Learn how to utilize the Asgardeo React SDK to implement secure and efficient authentication flows that comply with modern security standards.
Harsha ThirimannaPlatform Sponsors
Torc is a community-first platform bringing together remote-first software engineer and developer opportunities from across the globe. Join a network that’s all about connection, collaboration, and finding your next big move — together.
Join our community today!
Don't let broken lines of code, busted API calls, and crashes ruin your app. Join the 4M developers and 90K organizations who consider Sentry “not bad” when it comes to application monitoring. Use code “guild” for 3 free months of the team plan.
https://sentry.io
Get in touch!
hi@guild.host