https://github.com/curityio/spa-using-curitytokenhandler
Demonstrates Hardened Security for Single Page Applications
- Host: GitHub
- URL: https://github.com/curityio/spa-using-curitytokenhandler
- Owner: curityio
- License: apache-2.0
- Created: 2024-06-11T11:08:51.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-11-20T14:20:15.000Z (about 1 year ago)
- Last Synced: 2024-11-20T15:30:14.786Z (about 1 year ago)
- Topics: code-example, oauth2, openid-connect, react, spa, token-handler
- Language: TypeScript
- Homepage: https://curity.io/resources/learn/token-handler-spa-example/
- Size: 360 KB
- Stars: 3
- Watchers: 3
- Forks: 1
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# SPA using the Token Handler from Curity
An example Single Page Application (SPA) client that uses the production-supported backend components.\
The SPA uses an API-driven OAuth 2.0 and OpenID Connect flow.

The SPA follows [best practices for browser based apps](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps) with no tokens in the browser.\
The SPA transports access tokens to APIs using `HTTP-only SameSite=strict` cookies.
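
As an added illustration (not code from this repository), the following TypeScript audits `Set-Cookie` header values for the cookie attributes described above. The cookie names and sample headers are constructed, and requiring `Secure` is an assumption of this example.

```typescript
// Added example: checks Set-Cookie values for the properties the README states
// (HTTP-only, SameSite=strict). Requiring Secure is this example's assumption.
interface CookieFinding {
  name: string;
  problems: string[];
}

function auditSetCookie(header: string): CookieFinding {
  const parts = header.split(";");
  const pair = parts[0] ?? "";
  const eq = pair.indexOf("=");
  const name = (eq === -1 ? pair : pair.slice(0, eq)).trim();

  // Attribute names and values are case-insensitive; the last one seen wins.
  const attrs: Record<string, string> = {};
  for (const part of parts.slice(1)) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    if (key) attrs[key] = i === -1 ? "" : part.slice(i + 1).trim().toLowerCase();
  }
  const has = (k: string): boolean => Object.prototype.hasOwnProperty.call(attrs, k);

  const problems: string[] = [];
  if (!has("httponly")) problems.push("missing HttpOnly: readable by page script");
  if (!has("secure")) problems.push("missing Secure: may be sent over plain HTTP");
  const sameSite = has("samesite") ? attrs["samesite"] : undefined;
  if (sameSite !== "strict") {
    problems.push(`SameSite is ${sameSite || "unset"}, expected strict`);
  }
  return { name, problems };
}

// Returns only the cookies that fail at least one check.
function auditResponse(setCookieHeaders: string[]): CookieFinding[] {
  return setCookieHeaders.map(auditSetCookie).filter((f) => f.problems.length > 0);
}

// Constructed sample headers; the cookie names are hypothetical.
const sampleHeaders = [
  "example-at=opaque; Path=/; HttpOnly; Secure; SameSite=Strict",
  "example-rt=opaque; Path=/; Secure; SameSite=Lax",
  "example-id=opaque; Path=/; httponly; secure",
];

for (const finding of auditResponse(sampleHeaders)) {
  console.log(finding.name, "->", finding.problems.join("; "));
}
```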
## Architecture Benefits
This provides the best separation of web and API concerns, to maintain all of the benefits of an SPA architecture:
- `Strongest Browser Security` developed by experts
- `Supported Solution`, with design guidance and professional services support
- `Great User Experience` due to the separation of web and API concerns
- `Productive Developer Experience` with only simple security code needed in the SPA
- `Deploy Anywhere`, such as to a content delivery network
## Simple Code in Apps
This repository demonstrates the business-focused components you should need to develop:
- A Single Page App coded in React
- A Web Host to provide static content
- An API that validates JWT access tokens
It also provides an example deployment so that you can understand the moving parts.
## Run the End-to-end Flow
The SPA can be quickly run in an end-to-end flow on a development computer by following this guide:
- [Deployment Instructions](/DEPLOYMENT.md)
## Website Documentation
See the following resources for further information and tutorials:
- [Token Handler Product](https://curity.io/product/token-handler/)
- [Create a Token Handler](https://curity.io/resources/learn/curity-token-handler/)
- [SPA Code Example](https://curity.io/resources/learn/token-handler-spa-example/)
- [Deployment Tutorial](https://curity.io/resources/learn/token-handler-deployment-example/)
## More Information
Please visit [curity.io](https://curity.io/) for more information about the Curity Identity Server.