Indigo Consulting’s Chief Architect Paul Figura recently presented at the GoSec23 event in Montreal on Sept 13-14, where he covered how to design single page apps with a BFF to make API calls securely and prevent token hijacking.
Interested in learning more? This blog post captures the key points discussed by Paul during his presentation.
About Paul Figura
As the Chief Architect at Indigo Consulting Canada, Paul Figura has a deep background in Identity and Access Management (IAM). With years of experience, including collaborations with Fortune 500 companies. Paul brings a pragmatic approach to the challenges of IAM and application security.
Unpacking SPA and BFF
One of the key focuses Paul covered was the intricacies of Backend for Frontend (BFF) and Single Page App (SPA) design.
Paul described the BFF’s role as an intermediary between user interfaces and API calls, ensuring strengthened authentication processes. He also addressed the strengths and challenges associated with these design approaches, too.
Enhancing Security with BFF
A key concern with SPA design is the vulnerability associated with storing access tokens directly in browsers. This is where BFF design shines as an effective solution.
By introducing a BFF layer between the SPA and the API, the direct storage of access tokens in the browser becomes unnecessary. Instead, the BFF oversees the authentication procedure, facilitating a secure bridge between the SPA and the API. This approach minimizes the risk of token interception and misuse by unauthorized parties.
Want to See the Full Presentation? Watch Below
Are you an industry professional looking for a roadmap to understand and implement BFF and SPA designs at your company? Don’t miss out on the many insights Paul Figura shared at GoSec23.
