{"id":22268074,"url":"https://github.com/curityio/spa-using-token-handler","last_synced_at":"2025-04-07T07:11:50.362Z","repository":{"id":37798677,"uuid":"392255137","full_name":"curityio/spa-using-token-handler","owner":"curityio","description":"API driven OpenID Connect SPA security, using only the most secure cookies in the browser","archived":false,"fork":false,"pushed_at":"2024-11-20T14:18:56.000Z","size":1760,"stargazers_count":67,"open_issues_count":0,"forks_count":19,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-31T06:08:41.189Z","etag":null,"topics":["code-example","oauth2","openid-connect","react","spa","token-handler"],"latest_commit_sha":null,"homepage":"https://curity.io/resources/learn/token-handler-overview/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/curityio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-08-03T09:04:04.000Z","updated_at":"2025-03-20T00:25:24.000Z","dependencies_parsed_at":"2024-11-20T22:15:33.692Z","dependency_job_id":null,"html_url":"https://github.com/curityio/spa-using-token-handler","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fspa-using-token-handler","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fspa-using-token-handler/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fspa-using-token-handler/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fspa-using-token-handler/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/curityio","download_url":"https://codeload.github.com/curityio/spa-using-token-handler/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247608153,"owners_count":20965952,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-example","oauth2","openid-connect","react","spa","token-handler"],"created_at":"2024-12-03T11:10:58.716Z","updated_at":"2025-04-07T07:11:50.338Z","avatar_url":"https://github.com/curityio.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SPA using the Token Handler Pattern\n\n[![Quality](https://img.shields.io/badge/quality-test-yellow)](https://curity.io/resources/code-examples/status/)\n[![Availability](https://img.shields.io/badge/availability-source-blue)](https://curity.io/resources/code-examples/status/)\n\nA Single Page Application (SPA) that implements OpenID Connect using recommended browser security.\\\nThe SPA uses a `Backend for Frontend (BFF)` approach, in line with [best practices for browser based apps](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps).\\\nA modern evolution of Backend for Frontend is used, called the [Token Handler Pattern](https://curity.io/resources/learn/the-token-handler-pattern/).\n\n![Logical Components](/doc/images/logical-components.png)\n\n## Architecture Benefits\n\nThis provides the best separation of web and API concerns, to maintain all of the benefits of an SPA architecture:\n\n- `Strongest Browser Security`, with only SameSite=strict cookies\n- `Great User Experience` due to the separation of Web and API concerns\n- `Productive Developer Experience` with only simple security code needed in the SPA\n- `Deploy Anywhere`, such as to a Content Delivery Network\n\n## Run the End-to-end Flow\n\nThe SPA can be quickly run in an end-to-end flow on a development computer by following these guides:\n\n- [Standard SPA using an Authorization Code Flow (PKCE) and a Client Secret](/doc/Standard.md)\n- [Financial-grade SPA using Mutual TLS, PAR and JARM](/doc/Financial.md)\n\n## Website Documentation\n\n- See the [Token Handler Design Overview](https://curity.io/resources/learn/token-handler-overview/) for further documentation on this design pattern.\n\n## More Information\n\nPlease visit [curity.io](https://curity.io/) for more information about the Curity Identity Server.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Fspa-using-token-handler","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcurityio%2Fspa-using-token-handler","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Fspa-using-token-handler/lists"}