Spring boot angular auth code flow discussion

Can someone point me to a discussion (blog post, youtube, etc) that goes over the high level design of a Spring Boot/Spring Security based app using Angular@latest on front end the uses Authorization Code OIDC flow?

I’m familiar with OAuth2 / OIDC concepts, but a little unclear as to the approach of managing JWT tokens. I want to make sure I don’t fall into the implicit flow. I want to make sure auth tokens are managed on my server side and not available to http traffic on the front end.

Is this a reasonable approach for using angular but locking down the auth token for a user? After reviewing Nate Barbettini’s slides, it appears that the implicit flow is recommended for PWA/api. Does angular front / Spring back end fall into this app category?

It would be real helpful to see a sequence or flow diagram on the auth code flow using these technologies. Once I understand them well enough I’ll put my own diagram together.

This post shows how to switch from an Angular app that uses implicit flow to one that uses authorization code flow with Spring Boot.

Hi Matt, Thanks for the link to the article. There is a lot going on in that project and I was wondering if there were some higher level information (sequence diagram?) about what is going on between all of the participants in the exchanges within the apps/servers.

I do have a call in with your pre-sales support so that might be a better place to jump in than this forum.

Thanks for your help and any other info you can provide,