Stop Storing Tokens in the Browser: BFF for ASP.NET Core SPAs

SPA authentication is fundamentally flawed. Storing tokens in localStorage exposes them to XSS attacks, while cookies create CSRF vulnerabilities. There's a better architectural approach.

This session explores the Backend-for-Frontend (BFF) pattern that eliminates these security trade-offs entirely. You'll understand how BFF moves all authentication complexity to the backend while maintaining the seamless SPA experience users expect. We'll examine why this architecture is inherently more secure, how it leverages browser security features that SPAs can't access, and why major organizations are adopting it as their standard.

You'll learn the core principles behind BFF security, understand the architectural patterns that make it work, and see how it solves the fundamental authentication problems that plague modern SPAs.

For developers using OpenID Connect who want to understand secure SPA architecture.

Presented once before at a user group. Built for ASP.NET Core, but most of the content is generic and applicable to developers on all platforms. Consists mostly of presentation, with some live demonstrations at the end.
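As an added illustration, not the speaker's demo code, here is a minimal ASP.NET Core host in the BFF shape the abstract describes: the browser holds only an HttpOnly, Secure, SameSite session cookie, the OIDC tokens stay on the server side of that cookie, a custom-header check guards the XHR endpoints against CSRF, and the BFF proxies API calls and attaches the access token itself. It assumes the Microsoft.AspNetCore.Authentication.OpenIdConnect package and the placeholder hosts idp.example and api.example.

```csharp
// Added illustration of the BFF pattern; not the speaker's demo code. Assumes the
// Microsoft.AspNetCore.Authentication.OpenIdConnect package and placeholder hosts idp.example / api.example.
using System.Net.Http.Headers;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthorization();
builder.Services.AddAuthentication(o =>
{
    o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(o =>
{
    o.Cookie.HttpOnly = true;                        // the only credential the browser holds; script cannot read it
    o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    o.Cookie.SameSite = SameSiteMode.Strict;
})
.AddOpenIdConnect(o =>
{
    o.Authority = "https://idp.example";                          // placeholder
    o.ClientId = "bff-client";                                    // placeholder
    o.ClientSecret = builder.Configuration["Oidc:ClientSecret"];  // from a secret store, not source
    o.ResponseType = "code";
    o.Scope.Add("api");
    o.SaveTokens = true;   // tokens live in the encrypted auth cookie and never reach SPA code
});
builder.Services.AddHttpClient("api", c => c.BaseAddress = new Uri("https://api.example/"));
var app = builder.Build();
app.UseAuthentication(); app.UseAuthorization();
// Anti-CSRF for XHR endpoints: a cross-site form post cannot add a custom header, and a
// cross-origin fetch that tries to is stopped by the CORS preflight. Navigations stay outside /bff.
app.Use(async (ctx, next) =>
{
    if (ctx.Request.Path.StartsWithSegments("/bff") && ctx.Request.Headers["X-CSRF"] != "1")
    { ctx.Response.StatusCode = StatusCodes.Status401Unauthorized; return; }
    await next();
});
app.MapGet("/login", () => Results.Challenge(new AuthenticationProperties { RedirectUri = "/" }));
app.MapGet("/bff/user", (HttpContext ctx) =>
    Results.Json(ctx.User.Claims.Select(c => new { c.Type, c.Value }))).RequireAuthorization();
// Proxy: the BFF attaches the access token server-side; the SPA only ever sent its cookie.
app.MapGet("/bff/api/{**path}", async (string path, HttpContext ctx, IHttpClientFactory f) =>
{
    var client = f.CreateClient("api");
    client.DefaultRequestHeaders.Authorization =
        new AuthenticationHeaderValue("Bearer", await ctx.GetTokenAsync("access_token"));
    return Results.Content(await client.GetStringAsync(path), "application/json");
}).RequireAuthorization();
app.Run();
```

The SPA calls `/bff/...` with `credentials: "same-origin"` and an `X-CSRF: 1` header and never sees an access token; a token leaked by an XSS bug on the page would have to come from somewhere it no longer exists.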

Tore Nestenius

Microsoft .NET MVP | Training, Security and Architecture instructor

Helsingborg, Sweden
