Can someone point me to a discussion (blog post, YouTube, etc.) that goes over the high-level design of a Spring Boot/Spring Security based app using Angular@latest on the front end that uses the Authorization Code OIDC flow?
I’m familiar with OAuth2 / OIDC concepts, but a little unclear as to the approach of managing JWT tokens. I want to make sure I don’t fall into the implicit flow. I want to make sure auth tokens are managed on my server side and not available to HTTP traffic on the front end.
Is this a reasonable approach for using Angular but locking down the auth token for a user? After reviewing Nate Barbettini’s slides, it appears that the implicit flow is recommended for PWA/API. Does an Angular front end / Spring back end fall into this app category?
It would be real helpful to see a sequence or flow diagram on the auth code flow using these technologies. Once I understand them well enough, I’ll put my own diagram together.