Architectures

The following pages contain the tag "Architectures":


Using your BFF as an aggregation service

The BFF pattern was created to reduce the number of back-end calls a front-end needs to execute. The front-end does so by delegating the downstream requests and the aggregation of the results to the BFF. Also, the BFF acts as an anti-corruption layer. When the downstream services change, that does not necessarily require a contract change between front-end and BFF.

A BFF in a Microservices Architecture

Introducing the BFF Pattern in a microservices architecture creates the following situation:

Read article >>

The /.auth/me endpoint

When a user is authenticated on the client-side, the Single-Page Application receives an id_token. This token contains various user information, such as the username. However, when authentication is shifted to the server-side, the front-end no longer receives this token. This poses a problem because it hinders the ability to display the username or generate a menu based on user permissions. To address this issue, the OidcProxy.Net provides a /.

Read article >>

Software architecture

The OidcProxy is a gateway. It interacts with the user, the identity provider, and downstream services. This is schematically displayed in the following diagram: The BFF acts as a reverse proxy. It augments forwarded requests by adding a Bearer token to the HTTP request headers. The OidcProxy.Net.Authentication is designed to be compatible with any OpenID Connect Server. It uses the OpenID Connect protocol to obtain access_tokens, id_tokens, and refresh_tokens.

Read article >>

Connecting OidcProxy.Net with a custom OIDC/OAuth2 server

The OidcProxy.Net proxy does not support all identity providers out of the box. Also, it does not encourage using the authorization code flow without PKCE. The OidcProxy.Net proxy only supports OpenID Connect compliant authentication servers, Auth0, and Azure Active Directory. Assume you want to use GitHub as an identity provider. Or Google. Or you have a legacy identity provider which only supports the authorization code flow without PKCE.

Read article >>

Scaling out with Redis

The OidcProxy.Net proxy acts as the primary gateway for a web application. It is commonly utilized in microservices architectures hosted on container platforms like Kubernetes or Azure Container Apps, which support automatic scaling by deploying additional instances to handle increased request loads. Nevertheless, implementing the BFF Security Pattern introduces complexities to scaling. The application cannot be fully stateless, impeding the straightforward auto-scaling features typically provided by container platforms.

Read article >>