Implementing the BFF Security Pattern with OidcProxy.Net and Auth0

Albert Starreveld
The Web Application Security Hub
4 min read · Aug 2, 2023


To make your web application more secure, it is recommended to migrate token handling to the server-side rather than the client-side. Unfortunately, to many organisations, this may seem rather complex. But it doesn’t have to be.

Complete the following three simple steps to implement the BFF Security Pattern with Auth0:

  1. Configure Auth0.
  2. Create an ASP.NET Core API.
  3. Build a BFF.

Step 1) Configure Auth0

OidcProxy.Net only supports the Authorization Code Flow with Proof Key for Code Exchange (PKCE). That’s why it is important to configure Auth0 in a specific way.
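As an added illustration (not code from this article or from OidcProxy.Net), here is the PKCE part of that flow in Python: the BFF generates a code_verifier that stays server-side, sends only the S256 code_challenge in the authorize redirect, and the authorization server recomputes the challenge at the token endpoint. Function names and the session dictionary are my own assumptions.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636: a code_verifier is 43..128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def _b64url(data: bytes) -> str:
    """Base64url without '=' padding, as PKCE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier(n_bytes: int = 32) -> str:
    """BFF side: a fresh high-entropy verifier per login (32 bytes -> 43 chars)."""
    return _b64url(secrets.token_bytes(n_bytes))


def code_challenge_s256(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    if not _VERIFIER_RE.match(code_verifier):
        raise ValueError("code_verifier must be 43-128 unreserved characters")
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def verify_pkce(stored_challenge: str, method: str, presented_verifier: str) -> bool:
    """Authorization-server side at the token endpoint: recompute and compare in constant time.

    Only S256 is accepted; the 'plain' method gives no protection if the challenge leaks.
    """
    if method != "S256":
        return False
    try:
        expected = code_challenge_s256(presented_verifier)
    except ValueError:
        return False
    return hmac.compare_digest(expected, stored_challenge)


def simulate_login() -> bool:
    """Walk one login: the browser only ever sees the challenge, never the verifier."""
    bff_session = {"pkce_verifier": new_code_verifier()}  # hypothetical server-side session store
    authorize_params = {
        "response_type": "code",
        "code_challenge": code_challenge_s256(bff_session["pkce_verifier"]),
        "code_challenge_method": "S256",
    }
    # The authorization server stores the challenge with the issued code and checks it on redemption.
    return verify_pkce(authorize_params["code_challenge"], "S256", bff_session["pkce_verifier"])
```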

Follow these steps to configure Auth0 correctly:

  • Go to https://manage.auth0.com and sign in.
  • Go to the Applications section in the menu on the left-hand side and click Applications.
  • Click + Create application in the upper right corner.
  • Provide a name for your app and select Regular web applications.
  • Now click Settings; you’ll see the following section:
  • Copy the client_id, the secret, and the authority into the appsettings.json, like so:
