Is the 'SPA + API' tutorial outdated?

I’ve been looking at SPA + API under Architecture Scenarios, and I’m wondering if this tutorial might be a bit outdated as of today’s best practices.

Firstly the tutorial is set up to use Implicit Grant. But in the guide for choosing the best OAuth 2.0 Flow, SPAs are recommended to use Authorization Code Grant with PKCE. Does it really matter?

Also, the tutorial is built up around the Authorization Extension (for defining permissions and roles). But when looking in the dashboard I seem to be able to define permissions directly on the API, and I’ve got a separate section Users & Roles where roles can be defined and mapped to permissions. Is that extension needed at all?

Are there any better/more up-to-date tutorials for a SPA + API architecture?

Hi @juliank,

You are correct, it is a bit outdated; this is something that the team is working on. As far as other resources, it will depend on what you are looking for, but unfortunately there is not a direct replacement at this time. I would be happy to answer any questions you have in the meantime.

Thanks for inquiring!

Thank you for the quick response @dan.woda (and apologies for my late follow-up)!

It would be nice to have an up-to-date overall tutorial covering the SPA frontend/API backend scenario - which I assume is a quite normal pattern these days - but I suppose I’ll manage just as fine looking at the two separate quickstarts for Angular and ASP.NET Core Web API, and put the pieces together based on those.

I do have some more questions as well, but I’ll post a separate thread about them, to get the proper context. Thanks again 🙂

Thanks @juliank! If you don’t get a response on those feel free to ping me!
