The Token Handler Pattern for SPA

AnthonyDaSilva · December 11, 2023, 12:24pm

Hello,

We had a company make intrusion tests on our environments to test the security and they advised us to take a look at a popular pattern for authentication ‘Token Handler Pattern’.
In this pattern, the front-end application no longer stores the JWT token but a cookie generated by a new service (OAuth Agent) that handles the communication with Auth0 and stores the token.

Is this pattern usable with Auth0’s services?

Kind regards

dan.woda · December 19, 2023, 6:20pm

Hi @AnthonyDaSilva,

I can’t find any reference to it in our docs, and most of our SPA SDKs (React, Angular, Vanilla JS) have their own caching mechanism built in accordance to the OIDC and OAuth specs.

Hope this helps!

system · January 2, 2024, 6:21pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.