single-page-app – Page 7 – WindowsTechs.com

Renew access token for OAuth2 implicit grant

Posted on August 9, 2016 by DanielE

We want to use the OAuth2 Implicit Grant as it is proposed for single page applications. For JavaScript applications which don’t have a classic web session. The applications only have access tokens which expire after an hour. We use a cent… Continue reading Renew access token for OAuth2 implicit grant→

OIDC Flow for SPA and RESTful API

Posted on July 13, 2016 by Steve

I’m building a Single-Page App (SPA) and a RESTful API. The API needs security – certain users can only make calls to certain endpoints. I have an external Identity Provider (IdP (Okta)) that I want the user to authenticate w… Continue reading OIDC Flow for SPA and RESTful API→

OIDC Flow for SPA and RESTful API

Posted on July 13, 2016 by Steve

Securing a JavaScript Single Page App with SAML

Posted on February 22, 2016 by Naresh

I would like to secure a JavaScript Single Page App with SAML. My server is powered using Node.js and serves a RESTful API. What are my options?

Details: I have worked with OAuth2 in the past, but I am not familiar with SAML concepts. Wit… Continue reading Securing a JavaScript Single Page App with SAML→

Secure REST API and Single Page App by using external OAuth 2 Authorization Code

Posted on September 13, 2014 by Anvar Karimson

I am trying to understand how to implement an OAuth 2 Authorization Code flow when having both a single page JS app and a REST API. The aim is to secure access to the REST API by offloading authentication to the OAuth provide… Continue reading Secure REST API and Single Page App by using external OAuth 2 Authorization Code→

How to ensure that only my single page app can make requests to an API

Posted on July 27, 2014 by garbage collection

I have a REST API that can potentially serve multiple web clients.

I want to ensure that only my single page app on my-one-and-only-web-cleint.com can make requests to my API. How do I do this?

Right now there isn’t much to stop someone … Continue reading How to ensure that only my single page app can make requests to an API→

Securing internal REST service call via JavaScipt

Posted on March 22, 2014 by kimsagro

I have a public Single Page Application (SPA) that is calling my backend REST service via JavaScript. How can I secure the REST service so that it will only accept calls from my SPA and no other clients or users? Basically, m… Continue reading Securing internal REST service call via JavaScipt→