13 Securing APIs and single page applications

This chapter covers

  • Securing an API with a token
  • Exploring how OAuth 2.0 and OpenID Connect are related
  • Explaining which OAuth flow is applicable for which scenario
  • Using IdentityServer to protect APIs
  • Using the BFF pattern to protect single-page applications

Chapter 12 explained ASP.NET Core Identity, which includes full user and sign-in management. This works really well for traditional, page-based web applications. The server issues an authentication cookie, which is automatically returned to the server with each subsequent HTTP request—that’s just how cookies work. For APIs or single-page applications (SPAs), this approach is still viable, but rather uncommon. Let’s take an API, for instance. ...
