{"id":22268075,"url":"https://github.com/curityio/spa-using-curitytokenhandler","last_synced_at":"2025-07-28T12:30:52.638Z","repository":{"id":244785327,"uuid":"813588464","full_name":"curityio/spa-using-curitytokenhandler","owner":"curityio","description":"Demonstrates Hardened Security for Single Page Applications","archived":false,"fork":false,"pushed_at":"2024-11-20T14:20:15.000Z","size":369,"stargazers_count":3,"open_issues_count":1,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-11-20T15:30:14.786Z","etag":null,"topics":["code-example","oauth2","openid-connect","react","spa","token-handler"],"latest_commit_sha":null,"homepage":"https://curity.io/resources/learn/token-handler-spa-example/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/curityio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-11T11:08:51.000Z","updated_at":"2024-11-20T14:20:17.000Z","dependencies_parsed_at":"2024-10-19T01:16:56.795Z","dependency_job_id":null,"html_url":"https://github.com/curityio/spa-using-curitytokenhandler","commit_stats":null,"previous_names":["curityio/spa-using-curitytokenhandler"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fspa-using-curitytokenhandler","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fspa-using-curitytokenhandler/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fspa-using-curitytokenhandler/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fspa-using-curitytokenhandler/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/curityio","download_url":"https://codeload.github.com/curityio/spa-using-curitytokenhandler/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227905532,"owners_count":17837906,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-example","oauth2","openid-connect","react","spa","token-handler"],"created_at":"2024-12-03T11:10:59.363Z","updated_at":"2025-07-28T12:30:52.628Z","avatar_url":"https://github.com/curityio.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SPA using the Token Handler from Curity\n\n[![Quality](https://img.shields.io/badge/quality-production-green)](https://curity.io/resources/code-examples/status/)\n[![Availability](https://img.shields.io/badge/availability-binary-blue)](https://curity.io/resources/code-examples/status/)\n\nAn example Single Page Application (SPA) client that uses the production supported backend components.\\\nThe SPA uses an API-driven OAuth 2.0 and OpenID Connect flow:\n\n![Logical Components](images/logical-components.png)\n\nThe SPA follows [best practices for browser based apps](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps) with no tokens in the browser.\\\nThe SPA transports access tokens to APIs using `HTTP-only SameSite=strict` cookies.\n\n## Architecture Benefits\n\nThis provides the best separation of web and API concerns, to maintain all of the benefits of an SPA architecture:\n\n- `Strongest Browser Security` developed by experts\n- `Supported Solution`, with design guidance and professional services support\n- `Great User Experience` due to the separation of web and API concerns\n- `Productive Developer Experience` with only simple security code needed in the SPA\n- `Deploy Anywhere`, such as to a content delivery network\n\n## Simple Code in Apps\n\nThis repository demonstrates the business focused components you should need to develop:\n\n- A Single Page App coded in React\n- A Web Host to provide static content\n- An API that validates JWT access tokens\n\nIt also provides an example deployment so that you can understand the moving parts.\n\n## Run the End-to-end Flow\n\nThe SPA can be quickly run in an end-to-end flow on a development computer by following this guide:\n\n- [Deployment Instructions](/DEPLOYMENT.md)\n\n## Website Documentation\n\nSee the following resources for further information and tutorials:\n\n- [Token Handler Product](https://curity.io/product/token-handler/)\n- [Create a Token Handler](https://curity.io/resources/learn/curity-token-handler/)\n- [SPA Code Example](https://curity.io/resources/learn/token-handler-spa-example/)\n- [Deployment Tutorial](https://curity.io/resources/learn/token-handler-deployment-example/)\n\n## More Information\n\nPlease visit [curity.io](https://curity.io/) for more information about the Curity Identity Server.\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Fspa-using-curitytokenhandler","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcurityio%2Fspa-using-curitytokenhandler","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Fspa-using-curitytokenhandler/lists"}