Roland Guijt

Roland is a Microsoft MVP, ASP.NET Insider and Pluralsight author enjoying a constant curiosity around new techniques in software development. His focus is on all things .NET and browser technologies. As a long-time trainer and speaker, he led many courses on these topics and spoke about these topics at manyinternational conferences.

Don't Trust the Browser: Secure SPAs with BFF

OpenIdConnect and OAuth are the industry standards to protect both frontend and backends applications with tokens. Sending tokens to the browser is like trusting a bunch of lions to keep a cow safe. So why do we do it in our Single Page Applications using the implicit flow for example? Don't. BFF or Backend For Frontend solves this problem. Come and find out how this works using ASP.NET Core on the server and Blazor WebAssembly on the browser side.