blischalk / vue-bff

VueJS SPA with an Express.js Backend For Frontend

VueJS SPA with ExpressJS Backend for Front End

This project aims to demonstrate how a single-page application hosted on the same domain as a backend service can use standard cookie-based session management instead of OAuth tokens managed and stored client side.

Tokens stored in the web browser are vulnerable to theft via cross-site scripting attacks. The Backend for Front End, or "Token Handler", pattern is the recommended approach for mitigating this risk, as tokens never leave the backend server.

Running

  • Set up an application integration in Okta
  • Note the client id, client secret, and org domain
  • Assign a user to the application
  • Copy .env.example to .env
  • Populate .env with Okta information and a JWT signing key of your choosing
  • From the backend directory run npm install
  • From the proxied directory run npm install
  • From the spa directory run npm install and npm run build
  • In another terminal window, from the root of the project, run docker-compose up --build
  • Visit the application in your browser at http://localhost:7000

Words of Warning

This project is for demonstration purposes only and is not production ready. It is missing things such as CSRF token functionality, session fixation prevention, session timeout, secure flag on session cookie, etc.
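
The controls listed above as missing, sketched as an added example (not code from this repository) using only Node's built-in crypto module. The function names, the in-memory Map and the 15-minute idle timeout are assumptions, and the token value in any test input is constructed.

```javascript
// Added example: hypothetical names throughout, not the vue-bff code.
const crypto = require('node:crypto');

const IDLE_TIMEOUT_MS = 15 * 60 * 1000; // assumed idle timeout
const sessions = new Map(); // sid -> { tokens, csrf, lastSeen }

const newId = () => crypto.randomBytes(32).toString('base64url');

// Call after the OAuth code exchange succeeds. The pre-login session id is
// discarded and a fresh one issued, so an id planted before login is never
// promoted to an authenticated session (session fixation prevention).
function login(preLoginSid, tokens, now = Date.now()) {
  sessions.delete(preLoginSid);
  const sid = newId();
  const csrf = newId();
  sessions.set(sid, { tokens, csrf, lastSeen: now });
  return { sid, csrf, setCookie: sessionCookie(sid) };
}

// The browser only receives an opaque id; tokens stay in the server-side map.
// HttpOnly hides the cookie from script, Secure restricts it to HTTPS.
function sessionCookie(sid) {
  return `sid=${sid}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Resolve a request to its session. Enforces the idle timeout and, for
// state-changing methods, a per-session CSRF token sent in a request header.
function authorize(sid, method, csrfHeader, now = Date.now()) {
  const s = sessions.get(sid);
  if (!s) return { ok: false, reason: 'no-session' };
  if (now - s.lastSeen > IDLE_TIMEOUT_MS) {
    sessions.delete(sid);
    return { ok: false, reason: 'expired' };
  }
  if (!['GET', 'HEAD', 'OPTIONS'].includes(method)) {
    const a = Buffer.from(String(csrfHeader || ''));
    const b = Buffer.from(s.csrf);
    if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
      return { ok: false, reason: 'csrf' };
    }
  }
  s.lastSeen = now; // sliding idle window
  return { ok: true, accessToken: s.tokens.access_token };
}
```

The backend would attach accessToken to the upstream API call itself, so the token never appears in a response to the SPA.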

License:MIT License


Languages

Vue 45.2%, JavaScript 39.5%, CSS 11.2%, HTML 2.2%, Dockerfile 1.5%, Shell 0.3%