Authorization code flow : how to implement it with an architecture SPA + Front server + BFF ? PKCE and co


L Vasseur

Oct 2, 2023, 12:28:33 PM
to Keycloak User
I'm facing an issue on how to implement the authorization code flow with a complex architecture composed of:

• a SPA executed in the web browser (Nuxt)
• a frontend server (Node) used to serve the SPA and static pages
• a backend (Java) there to act as a BFF to communicate with the APIs and IDP

The backend is responsible for communicating with our IDP, exchanging the code for the tokens, and refreshing the access_token in case it is expired. The pair of tokens is stored in the backend (in memory or DB) linked to the user session. This session ID is then transferred to the web browser.

Is this implementation OK? I don't know which component is responsible for generating the state parameter and which one should do the comparison operation. Is PKCE required, as the authorization code transits through the frontend? Do you have any advice?

Here you can find the sequence diagram I am trying to implement.

Soares Vla

Oct 2, 2023, 1:02:54 PM
to L Vasseur, Keycloak User