BFF Pattern and the Token-Protection Security Model
The security motivation, structure, and threat model of the Backend for Frontend (BFF) pattern, which keeps access and refresh tokens out of the browser entirely (the SPA holds only an opaque HttpOnly session cookie), so the dominant threat shifts from token theft to session riding (CSRF), which the BFF must mitigate on its own
Sender-constrained tokens (DPoP, mTLS) that mitigate replay of a stolen bearer token by binding it to a client-held key, refresh-token rotation, and protection for public clients such as mobile apps, which cannot keep a client secret