Full Stack Web Development

VSTH10 Using the BFF Pattern to Secure SPA and Blazor Applications


2:30pm - 3:45pm

Level: Intermediate

Brock Allen

Application Security Architect

Modern web development means that more and more application code is running in the browser. Traditionally this has been JavaScript but more recently there has been the trend to use C# with Blazor. These modern applications are often secured with token-based security using the OpenID Connect and OAuth protocols. But there are different patterns for using token-based security and this session covers some of the pitfalls of the various approaches, especially given the ever-changing browser landscape. We will focus on the "backend for frontend" (or BFF) pattern which has become the most secure and stable of these approaches.

You will learn:

  • Understand the threats SPA applications face
  • Evaluate the pros and cons of OAuth options for SPAs
  • Explain how the BFF pattern provides the most secure design for SPAs