Abstract:

Security is, a growing concern in modern web applications. Number of data leakage scandals continue to grow. Popularity of microservice architecture adds to the complexity of the problem. This has led to the emergence of multiple authorization and authentication standards, including: oauth, OIDC, PKCE, SAML, etc. Each has its own advantages and disadvantages. In this paper, we present the design of an authorization component that combines two standards: OIDC and PKCE. Their combination allows you to safely perform authentication and authorization in microservice applications with a user interface in the form of SPA (Single Page Appliaction).