"Backend for Frontend" with Okta

I saw some references on the web for a pattern called “Backend for Frontend” in which the Frontend application uses same-site cookies for authentication to its backend server and the backend uses OAuth to access the resource servers.

Does anybody have experience or examples for implementing this pattern with Okta in the backend?

Hey @Florian!

Lots of web frameworks work this way (server-side rendered pages). In fact, this was the norm for a long time.

It sounds like you are describing an Authorization Code Flow, in which the backend handles the authorization request, and the front-end just deals with cookies. This approach is even recommended for SPA applications when possible.

The TL;DR: just search for the backend web framework you are using and OAuth; the results will likely be what you are describing.

Or let us know which language and framework you are using and we can point you in the right direction.

Take a look at this post (includes a video version):

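To make the answer concrete, here is a framework-agnostic sketch of the three BFF steps it describes: the backend builds the Authorization Code (with PKCE) redirect to Okta, handles the callback and keeps the tokens server-side behind an opaque HttpOnly/SameSite cookie, and later attaches the bearer token when it calls the resource server. This is an added example, not code from the thread or from Okta; the Okta domain, client id and the `exchange_code` callback (which would do the back-channel POST to `/v1/token`) are assumptions or placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode

# Server-side session store: the browser only ever holds an opaque id,
# the OAuth tokens never leave the backend. (In-memory for the example.)
SESSIONS = {}

def pkce_pair():
    """Return (code_verifier, code_challenge) per RFC 7636, S256 method."""
    verifier = secrets.token_urlsafe(64)            # 43..128 chars as required
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge

def build_authorize_url(issuer, client_id, redirect_uri, state, challenge):
    """Step 1: the backend (not the SPA) builds the redirect to Okta's
    /v1/authorize on the given authorization server (issuer)."""
    params = {
        "client_id": client_id, "response_type": "code",
        "scope": "openid profile email", "redirect_uri": redirect_uri,
        "state": state, "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{issuer}/v1/authorize?" + urlencode(params)

def handle_callback(query, pending, exchange_code):
    """Step 2: validate state, redeem the code via exchange_code(code, verifier)
    (assumed hook for the /v1/token POST), store tokens, return a Set-Cookie."""
    params = parse_qs(query)
    state = params.get("state", [None])[0]
    if state is None or state not in pending:
        raise ValueError("unknown or missing state: possible CSRF or replay")
    verifier = pending.pop(state)                   # state is single-use
    tokens = exchange_code(params["code"][0], verifier)
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = tokens
    # The frontend only ever sees this opaque, HttpOnly, same-site cookie.
    cookie = f"bff_session={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"
    return session_id, cookie

def resource_headers(session_id):
    """Step 3: the frontend calls the BFF with its cookie; the BFF looks up the
    session and attaches the access token when calling the resource server."""
    tokens = SESSIONS.get(session_id)
    if tokens is None:
        raise PermissionError("no session; send the user through login again")
    return {"Authorization": f"Bearer {tokens['access_token']}"}
```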

This is how OAuth and OIDC is implemented in JHipster!