SPA with .Net backend - best practises?

I am tasked with setting up Okta for a project with has a .Net WebAPI backend and the front end being a react (JS) SPA.

What is the best practise for this scenario? Should I use JWT and drive authentication from the client side? Or is it better to have the client side submit login information to the .Net backend, and perform the authentication from the server side?

~Shea M

The best way is to get tokens directly in your client, and attach them to outgoing AJAX requests. Then, your backend must validate those tokens on each incoming call. We have some samples of exactly this!

Quickstart for ASP .NET + Vue.js: https://developer.okta.com/quickstart/#/vue/dotnet/aspnet4

Web API (also called a “resource server”) example project: https://github.com/okta/samples-aspnet/tree/master/resource-server
Vue.js SPA: https://github.com/okta/samples-js-vue/tree/master/okta-hosted-login

Hope this helps!

Thanks Nate, I will checkout those examples.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.