Our great sponsors
-
no-token-in-the-browser-pattern
Discontinued An example of how you can use Azure API Management to implement a no token in the browser pattern for a JavaScript single-page application.
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
As the backend handles the token acquisition, no other code or library, such as MSAL.js, is required in the single-page application itself. This also means that no tokens are required to be stored in the browser session or local storage. By encrypting and storing the access token in an HttpOnly cookie protects it from XSS attacks, and scoping it to the API domain and setting SameSite=strict ensures that the cookie is automatically sent with all proxied API first-party requests. More on SameSite cookies can be read here.
Full code: https://github.com/irarainey/no-token-in-the-browser-pattern
Related posts
- Ask HN: What's the best charting library for customer-facing dashboards?
- Pulumi AI is poisoning Google search results with AI answers
- npx extension create my-extension – zero-config web extension development tool
- Russian GRU was behind the attack in Vrbětice, NCOZ confirms
- Dynamic page title and description with Vue Router