Implementing the BFF Security Pattern with OidcProxy.Net and Auth0
To make your web application more secure, it is recommended to move token handling to the server side rather than keeping tokens in the browser. Unfortunately, to many organisations this may seem rather complex. But it doesn't have to be.
Complete the following three simple steps to implement the BFF Security Pattern with Auth0:
- Configure Auth0.
- Create an ASP.NET Core API.
- Build a BFF.
Step 1.) Configure Auth0
OidcProxy.Net only supports the Authorization Code Flow with Proof Key for Code Exchange (PKCE). That is why it is important to configure Auth0 in a specific way.
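To show what the PKCE binding in that flow actually protects, here is an added example that is not part of the article and not OidcProxy.Net code: it derives a `code_verifier`/`code_challenge` pair the way RFC 7636 specifies (S256 method) and models the check a token endpoint performs. The `AuthorizationServer` class is an assumed toy stand-in for Auth0's `/authorize` and `/oauth/token` endpoints, and the token value it returns is constructed; Auth0's real behaviour is not modelled beyond the verifier check.

```python
import base64
import hashlib
import hmac
import secrets


def b64url_nopad(data: bytes) -> str:
    """Base64url encoding without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """RFC 7636 section 4.1: a high-entropy random string of 43..128 chars.

    32 random bytes, base64url-encoded without padding, give exactly 43 chars.
    """
    return b64url_nopad(secrets.token_bytes(nbytes))


def make_code_challenge(verifier: str) -> str:
    """RFC 7636 section 4.2, S256: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Toy model (assumed, not Auth0) of the two endpoints PKCE touches."""

    def __init__(self) -> None:
        # authorization code -> code_challenge received at /authorize
        self._pending: dict[str, str] = {}

    def authorize(self, code_challenge: str, method: str = "S256") -> str:
        """Issue an authorization code bound to the presented challenge."""
        if method != "S256":
            raise ValueError("only the S256 challenge method is accepted")
        code = secrets.token_urlsafe(16)
        self._pending[code] = code_challenge
        return code

    def token(self, code: str, code_verifier: str) -> dict:
        """Redeem a code; succeed only if the verifier matches the challenge."""
        # pop() makes every code single-use, so a replay also fails
        challenge = self._pending.pop(code, None)
        if challenge is None:
            return {"error": "invalid_grant"}
        if not hmac.compare_digest(make_code_challenge(code_verifier), challenge):
            return {"error": "invalid_grant"}
        # constructed placeholder; a real server mints a signed token here
        return {"access_token": "constructed-access-token", "token_type": "Bearer"}


def run_flow() -> tuple[dict, dict, dict]:
    """Drive one login through the toy server and return three outcomes:

    1. the BFF redeems the code with the verifier it kept server-side;
    2. the same code redeemed with a different verifier (the case PKCE
       is designed to reject, since the code alone is not enough);
    3. the original code replayed after it has already been used.
    """
    server = AuthorizationServer()

    # The BFF generates the verifier and never sends it to the browser.
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier)

    # Browser is redirected to /authorize carrying only the challenge.
    code = server.authorize(challenge)

    legitimate = server.token(code, verifier)
    wrong_verifier = server.token(code, make_code_verifier())

    # Fresh code for the replay case, used once and then presented again.
    code2 = server.authorize(challenge)
    server.token(code2, verifier)
    replayed = server.token(code2, verifier)

    return legitimate, wrong_verifier, replayed


if __name__ == "__main__":
    print(run_flow())
```

`make_code_challenge` can be checked against the test vector in RFC 7636 Appendix B. The defensive point of the flow is visible in `run_flow`: a code that leaks from the browser or a redirect log cannot be redeemed without the verifier, which in the BFF pattern only ever exists on the server. Note that in `run_flow` the wrong-verifier attempt consumes the code, so the legitimate redemption is performed first.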
Follow these steps to configure Auth0 correctly:
- Go to https://manage.auth0.com and sign in.
- Go to the `Applications` section in the menu on the left-hand side and click `Applications`.
- Click `+ Create application` in the upper right corner.
- Provide a name for your app and select `Regular web applications`.
- Now click Settings; you'll see the following section:
- Copy the client_id, the secret, and the authority into the `appsettings.json`, like so: