I absolutely loved this presentation! It made so many things so much clearer. My friend and I are working on a SPA + REST API project, and we thought it was a good idea to add login with Google to it. I was aware of the OAuth2.0 and OpenID Connect specifications, and thought it was going to be easy, until I found myself in a situation I didn't even know had an official term to it - Backend For Frontend. Every tutorial on the internet shows how to add Google login to either a traditional application, where the backend returns plain HTML to the browser, or purely on a SPA frontend, like the theme of this talk. So I came here thinking the presentation would talk about my problem, whereas in reality, it talks about a purely frontend based application. Just to find out at the end, that what I'm trying to implement is indeed a backend for frontend.
@heshamamer3737 Жыл бұрын
Thanks for such a lean explanation, I loved every moment of it, and I hope that you know that you made things a lot clearer for me
@galilioXX Жыл бұрын
What a great session!! Thanks a lot Philippe!
@vvetrovv Жыл бұрын
Thanks a lot for such a great explanation. It was extremly helpful for me! You described all my questions about authorization in SPA with microservices
@rapha55866 ай бұрын
Super clean and to the point. Thanks!
@kpavankumar007 Жыл бұрын
wow ! such an amazing and simplified explanation .
@Sanjay-pu4sp Жыл бұрын
Fantastic explanation. Massive thanks!
@vinaykasireddy Жыл бұрын
Excellent and elegant explaination
@osematouati24306 ай бұрын
Thanks a lot, great explanation
@venkatraohyd8 ай бұрын
Nice and great explanation ❤
@alessandrolima4266Ай бұрын
amazing !
@user-xk4tf6wx7w Жыл бұрын
Great Explanation!!
@shanescad23843 ай бұрын
Thanks for sharing! However do you have a tutorial which implements Backend For Frontend (BFF) framework with Authorization code with PKCE in addition to this tutorial? It is unsafe to store access token on browser.
@hashamkhan795116 күн бұрын
❤
@nhlm4257 Жыл бұрын
Any tips on videos on how to implement the BFF pattern? Preferably using Spring Boot.
@skapator Жыл бұрын
How would the bff handle multiple calls for tolken refresh? Senario is, frontend sends 3-4 requests to get data.
@sumitjoshi_01 Жыл бұрын
Thanks for the great explanation. I just want to ask you one thing that how an Identity provider makes a POST request to frontend application in Step no 9 (authorization response), especially in SPA application? And if it is making post request to my server then how I will return to user browser? Please help me, I am trying to implement apple id SSO with openId connect.
@bruxelleskarim10 ай бұрын
Goeimorgen Philippe, Do you still suggest using a BFF (Backend For Frontend) or Token Handler when the Authorization Code Flow with PKCE is employed for SPAs (Single Page Applications)?
@gustabart8 ай бұрын
Great explanation, Thanks! I don't understand why using BFF is safer. An attacker could still steal the browser's cookies and compromise the system. That is, it indirectly continues to use the tokens.
@officialJoldag8 ай бұрын
I think, it's because you are able to set the cookie with httponly, so it is not accessible via scripts.
@tombalabomba30844 ай бұрын
I don't agree with the conclusion of this talk. The whole point of BFF and http-only auth cookies is to prevent an attacker that has gained acces to execute js code through an xss attack, to steal the auth-token from your storage and thereby execute requests on your behalf. If an attacker has managed to sucessfully gain access, he can execute api calls directly from the clients browser with or without bff.