/oauth.websample.final

Final OpenID Connect secured SPA Code Sample

Primary language: TypeScript. License: MIT.

OAuth Final SPA

Overview

This is the final demo SPA, which aims for a web architecture with the best capabilities:

  • The SPA uses an API-driven OpenID Connect solution via Curity's Token Handler Pattern
  • Only client-side React technology is needed to implement the SPA, for productive development
  • The SPA is deployed to many global locations via a Content Delivery Network

Deployed System

You can log in to the online version by following the instructions in the Quick Start Page.

Quick Start

Ensure that Node.js is installed, then run the following script from a macOS terminal or from Git Bash on Windows:

./build.sh

Custom development domains are used, so you must add this entry to your hosts file:

127.0.0.1 web.authsamples-dev.com
::1       localhost

Trust the root certificate that the build step downloads to your computer, so that SSL works in the browser.
Add this file to the system keychain on macOS or the Windows certificate trust store for the local computer:

./webhost/certs/authsamples-dev.ca.pem

Then deploy components if required, to run the SPA on the local computer:

./deploy.sh

The browser is invoked at https://web.authsamples-dev.com/spa and you can sign in with these credentials:

  • User: guestuser@mycompany.com
  • Password: GuestPassword1

You can then test all lifecycle operations, including token refresh, multi-tab browsing and multi-tab logout.

Further Information

Further architecture and non-functional details are described starting in the Final SPA Overview blog post.

Cloud Infrastructure Used

  • AWS Route 53 is used for custom hosting domains
  • AWS S3 is used as the upload point for web static content
  • AWS CloudFront is used to distribute web static content globally, for equal web performance
  • AWS Certificate Manager is used to manage and auto renew the Web Host's SSL certificate
  • AWS Cognito is used as the default Authorization Server
  • AWS API Gateway is used to host remote API endpoints used by the SPA
  • AWS-deployed Backend for Frontend components are used to perform OAuth and cookie work for the SPA