Securing your Single-Page application Anno 2019


Introduction

The options

Cookie based authentication

Session identifier based cookie

Claim based cookie

Limitations

Token based authentication

OAuth2

OpenID Connect

What’s wrong with tokens in SPAs?

Not as secure as promised


Short lifetime

The refresh token found in the wild

Not as stateless as promised

Static resources

Advice of the OAuth2 IETF working group

What’s the alternative?


Tokens still have their use

Wrapping up

Software Engineer and Architect focusing on .NET and Microsoft technologies. Microsoft MVP. Practitioner of clean code. #solid #tdd #ddd #cqrs #es #graphql
