This will probably be the first question for everyone when implementing security (Okta integration) for any web application. We have an SPA with React + Spring Boot, so I am planning to integrate Okta and am thinking about the best way to integrate it to give maximum security. I am seeing a lot of limitations with the Okta integration. I want to pass the access token for each API from React to Spring.
Possible design solutions I am thinking of:
1. Okta React integration, keeping Spring as the resource server. But I have read that implementing the front channel is less secure because all token info and user info is exposed in the browser…?
2. Spring form login. Implement everything in the Spring layer and pass the access token back to the React layer. But here, how can I pass the access token and the logged-in user claim object back to React…? I am facing some challenges here. I also want to include some more info after the user has logged in.
So what is the best way to implement this? My application is going to be exposed to the internet and the app data is also secure. Please suggest. Thanks in advance for your help.