Using OAuth 2.0 and OIDC in SPA frontends

An in-depth look at current best practices for securing OAuth 2.0

Many modern applications are built as Single-Page Applications, using popular frameworks like Angular, React, and Vue. These frontend applications often need to rely on OpenID Connect to authenticate users, and on OAuth 2.0 to access remote APIs. But how do you integrate OAuth 2.0 and OIDC in a frontend? Where do you store access tokens? Can you use refresh tokens?

Many developers struggle with these questions, and this session answers them. Using a dedicated training application, we dive deep into the current best practices for using OAuth 2.0 and OIDC in frontend applications. We discuss the impact of common web vulnerabilities, along with strategies to manage tokens securely. At the end of this session, you will know all about token storage, silent authentication, and the backend-for-frontend pattern.

Stop struggling today!

Register now to access a crystal-clear explanation of OAuth 2.0 and OpenID Connect

What you will get ...

This course is the second module in the Mastering OAuth 2.0 and OpenID Connect course bundle. Purchasing the bundle gives you immediate access to 10+ hours of recorded live training material from May 2020.

Each of the three course modules in the bundle consists of recorded lectures and demos, along with an extensive Q&A.

The full course bundle is currently being rebuilt as a true online learning experience, with topical lessons, assessments, and course completion certificates. Signing up for this course gives you full access to the reworked course when it is released.

If you have further questions, don't hesitate to reach out (courses@pragmaticwebsecurity.com).