The Token Handler Pattern for SPA


We had a company run intrusion tests on our environments to test the security, and they advised us to take a look at a popular pattern for authentication, the ‘Token Handler Pattern’.
In this pattern, the front-end application no longer stores the JWT token but a cookie generated by a new service (OAuth Agent) that handles the communication with Auth0 and stores the token.

Is this pattern usable with Auth0’s services?

Kind regards

Hi @AnthonyDaSilva,

I can’t find any reference to it in our docs, and most of our SPA SDKs (React, Angular, Vanilla JS) have their own caching mechanism built in accordance with the OIDC and OAuth specs.

Hope this helps!
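
The cookie-for-token swap described in the question, sketched as an added example (not code from either poster or from Auth0). All names are hypothetical, the token response is constructed, and it assumes the OAuth Agent has already exchanged the authorization code server-side and keeps tokens in an in-memory store:

```javascript
const { randomBytes } = require('node:crypto');

// Assumed cookie name; the __Host- prefix requires Secure, Path=/ and no Domain.
const COOKIE_NAME = '__Host-session';
const sessions = new Map(); // sessionId -> { accessToken, expiresAt }

// OAuth Agent side: keep the token on the server and hand the browser
// only an opaque, unguessable session id in a hardened cookie.
function createSession(tokenResponse, now = Date.now()) {
  const sessionId = randomBytes(32).toString('base64url');
  sessions.set(sessionId, {
    accessToken: tokenResponse.access_token,
    expiresAt: now + tokenResponse.expires_in * 1000,
  });
  return `${COOKIE_NAME}=${sessionId}; Path=/; HttpOnly; Secure; ` +
         `SameSite=Strict; Max-Age=${tokenResponse.expires_in}`;
}

// Pull the session id out of a Cookie request header.
function readSessionId(cookieHeader = '') {
  for (const part of cookieHeader.split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === COOKIE_NAME) return rest.join('=');
  }
  return null;
}

// API proxy side: translate the cookie into the Authorization header
// sent upstream. Unknown or expired sessions get nothing.
function upstreamHeaders(cookieHeader, now = Date.now()) {
  const sessionId = readSessionId(cookieHeader);
  const session = sessionId && sessions.get(sessionId);
  if (!session) return null;
  if (session.expiresAt <= now) {
    sessions.delete(sessionId); // drop expired tokens eagerly
    return null;
  }
  return { authorization: `Bearer ${session.accessToken}` };
}

// Constructed sample of what the agent would receive from the token endpoint.
const sampleTokenResponse = { access_token: 'constructed.sample.token', expires_in: 3600 };
```

Because the cookie is `HttpOnly`, script running in the page cannot read it, and the token itself never appears in the `Set-Cookie` value.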
