AMP 26: Rethinking Auth for SPAs and Micro Frontends by Manfred Steyer

What's up everyone, this is Dariusz Kalbarczyk co-founder of NG Poland, JS Poland, AngularMaster.dev & WorkshopFest.dev.  Welcome back to the Angular Master Podcast. Today, together with Manfred Steyer, who is an excellent Speaker, Trainer, Consultant and Author with focus on Angular. We will talk about Auth for SPAs and Micro Frontends You started a blog series where you tell us that the browser is no safe place for storing security tokens. However, it’s quite modern to directly use JWT tokens, OAuth 2 and OpenId Connect in the browser. What’s the reason for this? Do we need to panic, if we still use tokens in the browser? If we should not directly use security tokens in the browser, how to implement Single-Sign-on with existing identity solutions like Active Directory? How to deal with APIs of different origins? You also mention that there is a way to use these ideas to improve security while making everything easier. How is this even possible? Let’s assume, we have installed and configured such a Security Gateway. What do I need to do on the client-side for authentication and authorization? And what do I need to do on the server-side? Can you tell us a bit about your reference implementation for this idea? You are using ASP.NET Core for this. What to do, if this is not part of our stack? What Identity Solutions does this implementation support? What’s with Cross-Site-Request-Forgery Attacks, now, as we have cookies again? Do we need to protect ourselves from them? You also talked a lot about Micro Frontends recently. Does this approach also work with them or do we have to adjust it? --- Send in a voice message: https://podcasters.spotify.com/pod/show/angular-master/message