VOOZH about

URL: https://curity.io/product/token-handler/

⇱ Secure Single Page Applications with the Token Handler | Curity

Curity Token Handler

Secure Single Page Applications with Curity Token Handler

With the Curity Token Handler, organizations can leverage SPA business advantages, like streamlined user experiences and fast deployment, without sacrificing security.

Single Page Application Security Challenges We Address

The Curity Token Handler is a Backend for Frontend (BFF) authentication solution that addresses browser-based authentication security concerns.

👁 Secure authentication without a firewall-protected backend

Secure authentication without a firewall-protected backend

👁 Lengthy and resource-heavy development

Lengthy and resource-heavy development

👁 Inability to secure API calls in the browser

Inability to secure API calls in the browser

👁 Cyber threats like token exfiltration and cross-site scripting (XSS)

Cyber threats like token exfiltration and cross-site scripting (XSS)

How Curity Enables Single Page Application Security

👁 How Curity Enables Single Page Application Security
👁 Backend for Frontend Authentication in the Browser

Backend for Frontend Authentication in the Browser

Securing API access calls from the browser eliminates the need for a network-protected backend data connection for identity verification.

👁 Follows OAuth Best Practices for Browser-Based Applications

Follows OAuth Best Practices for Browser-Based Applications

Issuing secure cookies in an OAuth agent and translating them to tokens via an OAuth proxy on an API gateway separates web from API concerns.

👁 Customized for Popular API Gateways

Customized for Popular API Gateways

The Curity Token Handler offers plug-and-play compatibility with popular gateways, including Azure API Management, Google Apigee, AWS, Kong and NGINX.

👁 Ready-To-Deploy, Low-Code Solution

Ready-To-Deploy, Low-Code Solution

A fully developed and tested solution that offers simple implementation and integration to save resources and support fast application launch.

The Token Handler Pattern

The token handler pattern issues only the most secure HTTP-Only, SameSite=strict cookies on behalf of the SPA. These are first-party cookies and not subject to browser restrictions. Secondly, all API requests are routed via an API gateway rather than a web backend.

Learn more about the Token Handler Pattern
👁 Overview chart