Code flow React / .NET Architecture
-
Hi everyone,
I want to set up a .NET 5 / React Application where the API & React App are hosted on the same domain, where the React app simply talks to the API and the API stores the tokens in session variables on the server while utilising code flow (PKCE). If I understand it correctly, this is the most secure way of storing tokens for a SPA app, compared to having the tokens stored in your browser somewhere. I can't seem to find any sample projects set up like this and would really appreciate some guidance.
Kind regards,
Andrew
-
Hi @andrew-boyd,
You might consider reviewing a few of the existing react tutorials here:
https://fusionauth.io/blog/2020/08/19/securing-react-native-with-oauth/#undefined
https://fusionauth.io/blog/2020/03/10/securely-implement-oauth-in-react/While not written in react, our NodeJS tutorial also offers some insight on how to work with PKCE (at least one implementation).
https://fusionauth.io/docs/v1/tech/5-minute-setup-guide/#undefinedAdditionally, we have a few DotNet tutorials here
https://fusionauth.io/docs/v1/tech/example-apps/netcore/Finally, we have a few authentication workflows outlined here (including authentication workflows that you are describing above)
https://fusionauth.io/learn/expert-advice/authentication/login-authentication-workflows/I hope this helps!
Thanks,
Josh -
Thanks @joshua ! I ended up converting the Node sample to a .NET 5 app. I've got a couple more things to do with it, would you be interested in me raising a PR to have it added to your repo?
-
Sorry, I was out of the office last week and just catching up. Yes, I would love for you to raise a PR! I could have the team review it and at the very least review it for contribution to our community-run repo's.
Thanks,
Josh -
Hi @joshua, it took me a bit to find this, but I got an email from Dan, so I've emailed him a link to the repo I've put together
-
