• Stars
    star
    193
  • Rank 201,081 (Top 4 %)
  • Language
    C#
  • Created about 3 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Proof of Concept for an Auth Gateway for SPA

... aka Auth Reverse Proxy ... aka Backend for Frontend (BFF) ... aka Forward Authentication Service ...

All requests are tunneled through the Auth Gateway

This gateway shifts the use of security standards such as OAuth2 and OpenId Connect to the server side. This drastically simplifies the implementation of the SPA and makes your solution more secure.

🔥 Features

  • ☑️ Easily implementing Authentication, Authorization, and SSO for SPAs (e. g. Angular) by making this gateway taking care of the heavy lifting on the serve side

  • ☑️ Tokens (id_token, access_token, refresh_token) are only stored on server-side in order to increase security

  • ☑️ Uses OAuth 2 and OpenId Connect (OIDC)

  • ☑️ Successfully tested with Keycloak, Azure Active Directory, Auth0, and Identity Server

  • ☑️ Supports Token Exchange (RFC 8693) and as an alternative Azure AD's OBO-Flow (On-Behalf-of flow)

  • ☑️ Opaque handling of XSRF tokens. Angular apps will use them automatically.

  • ☑️ login, logout, and userinfo endpoints for SPA

  • ☑️ Lots of further features by leveraging Microsoft's YARP Reverse Proxy (e. g. Loading Balancing, Health Checks, Distributed Tracing)

  • ☑️ Configuration via appsettings.json

  • ☑️ Follows current best practices and is hence prepared for the upcoming OAuth 2.1

⚡️ Live-Demo

see https://demo-auth-gateway.azurewebsites.net

Demo-Client

The used demo client literally doesn't do a thing regarding security. It relays on the gateway and assumes that the gateway provides the following local paths:

  • /login: (Re)login the user
  • /logout: Logout the user
  • /userinfo: Get info about the user as a JSON document (e. g. given_name)
  • /api: Assess to the API. The gateway forwards the access_token

Please find the source code of the demo client here:

https://github.com/manfredsteyer/auth-gateway-client

Running the Auth Gateway in Docker

docker compose up

In the docker-compose.yml, you can adjust the configuration to use (e. g. for Keycloak, Azure AD, etc; see next section).

Running the Auth Gateway Locally

  1. Get .NET 6 for Windows, Linux, or Mac
  2. Call dotnet restore in the project's root to download all libs
  3. Call dotnet run in the project's root to start the reverse proxy
  4. Call the Demo App via http://localhost:5123 (please find the actual used port number on the console)

Also, have a look into the appsettings.json.

Using the Demo Configuration for Keycloak

Username/Password: jane/jane

This configuration uses token exchange:

dotnet run conf\appsettings.keycloak.json

Using the Demo Configuration for Azure AD

Username/Password: You can login with your Microsoft account.

dotnet run conf\appsettings.azure.json

Using the Demo Configuration for Auth0

Username/Password: You can login with your Google account.

Auth0 does current not support token exchange.

dotnet run conf\appsettings.auth0.json

Using the Demo Configuration for Identity Server

Identity Server supports token exchange via an extension. Also, Identity Server comes with such a security gateway (Backend for Frontend, BFF).

However, in our free demo, we didn't configure token exchange so far.

Username/Password: bob/bob or alice/alice

dotnet run conf\appsettings.identity-server.json

Further Readings

YARP

This implementation uses Microsoft's YARP (Yet Another Reverse Proxy).

And the good message is: YARP can do so much more. Load balancing, health checking, and distributed tracing are just some examples.

OAuth 2.0 for Browser-Based Apps

The OAuth 2 working group is current working on a best practices document called OAuth 2.0 for Browser-Based Apps. It will very likely be incorporated in the upcoming OAuth 2.1 standard and proposes the use of auth gateways (they call it "backend for frontend" or BFF) like this here.

More Repositories

1

angular-oauth2-oidc

Support for OAuth 2 and OpenId Connect (OIDC) in Angular.
TypeScript
1,890
star
2

ngx-build-plus

Extend the Angular CLI's default build behavior without ejecting, e. g. for Angular Elements
TypeScript
1,163
star
3

angular-crud

TypeScript
283
star
4

module-federation-plugin-example

TypeScript
195
star
5

angular-elements-dashboard

Dynamic Dashboard with Angular Elements and Web Components
CSS
189
star
6

angular-microapp

CSS
145
star
7

standalone-example-cli

TypeScript
105
star
8

module-federation-with-angular-dynamic

Dynamic Module Federation with Angular
TypeScript
101
star
9

angular-microfrontend

JavaScript
87
star
10

module-federation-with-angular

Demonstrates webpack 5 Module Federation with Angular and the Angular Router.
TypeScript
72
star
11

angular-ddd

JavaScript
71
star
12

multi-framework-micro-frontend

TypeScript
64
star
13

angular2-oauth2

JavaScript
63
star
14

Angular_MicroApps_Different_Technologies

CSS
56
star
15

module-federation-with-angular-dynamic-workflow-designer

Example for building a plugin-based workflow designer with Angular and Dynamic Module Federation
TypeScript
54
star
16

meta-router

A lightweight and solid approach towards micro frontends (SPAs/ clients for micro services)
JavaScript
44
star
17

strategic-design

Example for using Strategic Design with Angular and Nx
TypeScript
38
star
18

native-federation-core-microfrontend

TypeScript
38
star
19

ddd-bk

36
star
20

federation-demo

TypeScript
28
star
21

monorepo_domains

TypeScript
27
star
22

angular-2-reuse-strategy-sample

TypeScript
26
star
23

multi-framework-version

TypeScript
26
star
24

native-federation-react-example

TypeScript
26
star
25

angular-oauth-oidc

Sample showing how to use Angular with OAuth2 & OIDC
JavaScript
23
star
26

sa-cli

TypeScript
23
star
27

native-federation-vite-angular-demo

TypeScript
23
star
28

astro-last-minute

Astro
22
star
29

ngUpgrade-without-preparation

TypeScript
22
star
30

schematics-book

HTML
20
star
31

modern-arc

TypeScript
19
star
32

microservice-angular-iframe

Creating Angular-Frontends for Microservices
TypeScript
17
star
33

web-components

Examples for using Web Components in Angular
JavaScript
17
star
34

schematics-sample

My Schematics Sample, Updated Version
TypeScript
15
star
35

nx-and-module-federation

TypeScript
15
star
36

standalone-book

15
star
37

angular-without-modules

TypeScript
14
star
38

angular-ssr

TypeScript
14
star
39

module-federation-light

TypeScript
13
star
40

lazy-loading-ng-conf

TypeScript
12
star
41

snake

TypeScript
12
star
42

angular2-aot-webpack2-rollup

TypeScript
12
star
43

demo-nx-standalone

TypeScript
12
star
44

angular8

TypeScript
12
star
45

simple-microfrontend-demo

CSS
12
star
46

monorepo-demo

CSS
11
star
47

module_federation_shared_versions

TypeScript
11
star
48

progresive-web-apps-with-angular-2-demo

Showcase for PWA with Angular 2
TypeScript
11
star
49

angular-book

Beispiele von unserem Angular Buch
TypeScript
11
star
50

standalone-example-nx

TypeScript
10
star
51

angular2-pwa-serviceworker-basta2016

JavaScript
10
star
52

desserts

TypeScript
10
star
53

sa-nx

TypeScript
10
star
54

ngconf-angular-elements-workshop

CSS
9
star
55

build-elements

CSS
9
star
56

ivy-potential

JavaScript
9
star
57

DDD_Nx

JavaScript
9
star
58

ngconf-angular-elements-workshop-external

JavaScript
9
star
59

module_federation_nx_mono_repo

TypeScript
9
star
60

signals-component-communication

TypeScript
9
star
61

nx-module-federation-demo

TypeScript
8
star
62

angular2-newest-new-router-guards-oauth

TypeScript
8
star
63

angular-oidc-lib

Simple Lib for using OAuth2 and OIDC in Angular
JavaScript
8
star
64

adv-mf-examples

TypeScript
8
star
65

nx-ddd-demo

TypeScript
8
star
66

angular2-rc1-sample

TypeScript
7
star
67

angular-intro

TypeScript
7
star
68

microapps-hyperlinks

CSS
7
star
69

http-client-demo

CSS
7
star
70

flight-app

TypeScript
7
star
71

nx-angular-demo

TypeScript
7
star
72

angular2-oauth-oidc-demo

TypeScript
7
star
73

ngUpgrade-aot-sample

TypeScript
6
star
74

angular3-app

TypeScript
6
star
75

schematics-ng-add

TypeScript
6
star
76

hero-shop

TypeScript
6
star
77

workshop-fest-2020-05

JavaScript
6
star
78

schematics-intro

CSS
6
star
79

standalone-components-elements

TypeScript
6
star
80

5-best-practices-angular

JavaScript
6
star
81

angularjs_ce

CSS
6
star
82

ng-upgrade-workshop-starterkit

Starterkit for Angular migration workshop
TypeScript
6
star
83

module-federation-plugin-example-nx

TypeScript
6
star
84

flights-ddd-demo

TypeScript
6
star
85

dynamic-dashboard-with-dynamic-components-sample

TypeScript
5
star
86

basta_2019_angular_best_practices

JavaScript
5
star
87

microfrontend-prototype

JavaScript
5
star
88

ngUpgrade-lite-sample

TypeScript
5
star
89

pwa-show-case

TypeScript
5
star
90

import-maps-101

HTML
5
star
91

native-federation-core-example

TypeScript
5
star
92

ddd

TypeScript
5
star
93

advanced-routing-angular-days-munich-mar-2017

TypeScript
4
star
94

ngconf-performance

CSS
4
star
95

schematics-ngVikings-2018

CSS
4
star
96

articles

HTML
4
star
97

monorepo_mf

TypeScript
4
star
98

nx_monorepo

JavaScript
4
star
99

angular-elements-ngconf-2019

CSS
4
star
100

angular-architecture-ngHamburg-march-2018

CSS
4
star