auth-module

The BFF Pattern?

Open WestFarmer opened this issue 3 years ago • 0 comments

Hi, I have read an article about SPA OAuth best practice.

according to this article:

  • Tokens are available in the browser

As tokens are used when communicating with APIs, they are available in the browser. Consequently, they can be obtained by common Open Web Application Security Project (OWASP) defined attacks like Cross-Site Scripting (XSS).

  • Storage mechanisms are unsafe

It is not possible to store something in the browser safely over a long time without using a back end to secure it. Any browser-based storage mechanism is susceptible to attacks.

also, there is an IETF Best Current Practice.

I am wondering, do we have a plan to support these patterns?

WestFarmer avatar Jun 08 '22 09:06 WestFarmer