Backend For Frontend Authentication Pattern with Auth0 and ASP.NET Core

Understand the Backend For Frontend authentication pattern and how it can be implemented in ASP.NET with Auth0.

Brought to you by one of our Guest Authors, @cibrax

What’s up Devs! How did you like this post? Please share any comments or feedback with us on this thread 🧑‍💻

Very good article!

But I still have a question about the BFF pattern. What if the BFF serves more than one (1) API? Let’s say that instead of only having “WeatherAPI” there is also “LocationAPI”. How do you manage the access_token and audience in the BFF?



Great article, but I’d like to know how we can use this for an app with multiple instances. I’m asking about the session mechanism. Is Redis a good fit for this? How can this be achieved?

That is a good question indeed. I haven’t addressed that in that sample, but it can probably be implemented in two ways.

  1. Add a new endpoint like login (which does a redirect to Auth0 for getting an access token for your other API). The only thing is that you might need a different secure store for the access token, as I don’t think you will be able to inject it in the same encrypted cookie that is used for the authentication session.
  2. Just use OpenID for the initial authentication, and client credentials on the backend for all the APIs
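
A sketch of the second option from the reply above, added here as an example and not part of the original post or the article's sample: the BFF requests one client-credentials token per API audience from Auth0's `/oauth/token` endpoint and caches it until shortly before expiry. The class name `ApiTokenCache`, its constructor parameters and the 60-second refresh margin are assumptions. Tokens obtained this way identify the BFF rather than the signed-in user, so the BFF must make its own per-user authorization decision before calling the downstream API.

```csharp
using System.Collections.Concurrent;
using System.Net.Http.Json;
using System.Text.Json.Serialization;

// Hypothetical helper (not from the article's sample). Assumes a .NET 6+ web
// project with implicit usings for System, System.Threading and System.Net.Http.
public sealed record TokenResponse(
    [property: JsonPropertyName("access_token")] string AccessToken,
    [property: JsonPropertyName("expires_in")] int ExpiresIn);

public sealed class ApiTokenCache
{
    private readonly ConcurrentDictionary<string, (string Token, DateTimeOffset Expires)> _cache = new();
    private readonly SemaphoreSlim _gate = new(1, 1);
    private readonly HttpClient _http;
    private readonly string _domain, _clientId, _clientSecret;

    public ApiTokenCache(HttpClient http, string domain, string clientId, string clientSecret)
        => (_http, _domain, _clientId, _clientSecret) = (http, domain, clientId, clientSecret);

    // Returns a cached token for the audience (e.g. WeatherAPI or LocationAPI),
    // requesting a new one only when none is cached or the cached one is near expiry.
    public async Task<string> GetTokenAsync(string audience, CancellationToken ct = default)
    {
        if (TryGetFresh(audience, out var token)) return token;
        await _gate.WaitAsync(ct);               // one refresh at a time
        try
        {
            if (TryGetFresh(audience, out token)) return token;
            using var form = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "client_credentials",
                ["client_id"] = _clientId,
                ["client_secret"] = _clientSecret, // load from a secret store, never from source
                ["audience"] = audience,
            });
            using var resp = await _http.PostAsync($"https://{_domain}/oauth/token", form, ct);
            resp.EnsureSuccessStatusCode();
            var body = await resp.Content.ReadFromJsonAsync<TokenResponse>(cancellationToken: ct)
                       ?? throw new InvalidOperationException("Empty token response.");
            // Refresh 60 seconds early so a token never expires mid-request.
            _cache[audience] = (body.AccessToken, DateTimeOffset.UtcNow.AddSeconds(body.ExpiresIn - 60));
            return body.AccessToken;
        }
        finally { _gate.Release(); }
    }

    private bool TryGetFresh(string audience, out string token)
    {
        var hit = _cache.TryGetValue(audience, out var e) && e.Expires > DateTimeOffset.UtcNow;
        token = hit ? e.Token : string.Empty;
        return hit;
    }
}
```

The cache lives in process memory only, so each BFF instance fetches its own tokens and nothing is written to the browser-facing session cookie.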