Secure SPAs with OAuth2 and OpenID Connect

What is the best way to secure a single-page application (SPA) and the APIs it accesses in 2025? You'll know the answer to that question after attending this session.

We'll see how protecting applications with tokens has many benefits and how the OAuth2 and OpenID Connect standards help with obtaining them securely. SPAs require special attention when it comes to these standards. The latest OAuth 2.1 draft recommends using backend for frontend (BFF) because browsers are not very good at keeping secrets (understatement) like tokens.

You'll learn the details and you'll know how to implement them because I'll bring example code that uses React.

Vorkenntnisse

• Experience with SPAs

Lernziele

• Understanding how using the OAuth and OpenID Connect standards are important to secure an application
  
• Know how these standards work
  
• Learn how they are applied to SPAs