Hi Devs,

The idea of an API-Proxy for Single Page Applications is quite helpful in mitigating the inherent security risks of keeping the access_token on the browser side as plain text.

Here the idea is to keep the access_token encrypted and set in a cookie. API-Proxy will mediate all the calls for the third-party APIs by decrypting the access_token value and calling the requested third-party APIs with the decrypted access_token. This is a significantly valuable use-case for the SPAs where there is no attached server-side other than the container which is used to facilitate the initial page download.

I'm in the requirement gathering phase. Would appreciate your suggestions on,

- what are the nice-to-have capabilities in API-Proxy
- what are the complexities that will arise while implementing this
- how to achieve the third-party API call mediation
- is this a valid use-case
- or is this a redundant effort
- are there any alternatives
- etc.

This is an open invitation to shoot whatever pops into your mind in this regard :)

Thanks in advance.

Cheers,
Thilina

--
Thilina Madumal
Software Engineer | WSO2
Email: [email protected]
Mobile: +94 774553167
Web: http://wso2.com
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
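The cookie handling described in the message above, as an added example that is not part of the original post or of any WSO2 code: the proxy seals the access_token with authenticated encryption before setting it as a cookie, then opens it to build the upstream Authorization header. AES-256-GCM, the cookie name `spa_at`, the `/proxy` path and the cookie attributes are assumptions chosen for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Assumption: the key lives only on the proxy (generated per process here for the demo).
const KEY = nodeCrypto.randomBytes(32);

// Seal: base64url(iv || tag || ciphertext). The cookie name is bound in as AAD,
// so a value copied into a differently named cookie will not decrypt.
function sealToken(token, key, cookieName = "spa_at") {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every cookie issued
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(cookieName));
  const ct = Buffer.concat([cipher.update(token, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64url");
}

// Open: returns the token, or null if the value was tampered with,
// truncated, or sealed under a different key or cookie name.
function openToken(sealed, key, cookieName = "spa_at") {
  try {
    const raw = Buffer.from(sealed, "base64url");
    if (raw.length < 28) return null; // 12-byte iv + 16-byte tag minimum
    const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
    d.setAAD(Buffer.from(cookieName));
    d.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString("utf8");
  } catch {
    return null; // GCM tag check failed
  }
}

// Set-Cookie value: HttpOnly keeps the sealed token away from page scripts,
// Path scopes it to the proxy endpoints only.
function buildSetCookie(token, key, name = "spa_at") {
  return `${name}=${sealToken(token, key, name)}; HttpOnly; Secure; SameSite=Strict; Path=/proxy`;
}

// Proxy side: find the cookie in the request header, open it, and
// produce the header to attach to the third-party API call.
function upstreamHeaders(cookieHeader, key, name = "spa_at") {
  const pair = (cookieHeader || "")
    .split(";")
    .map((s) => s.trim())
    .find((s) => s.startsWith(name + "="));
  if (!pair) return null;
  const token = openToken(pair.slice(name.length + 1), key, name);
  return token ? { Authorization: `Bearer ${token}` } : null;
}
```

A null result from `upstreamHeaders` is the point at which the proxy would reject the request instead of forwarding it upstream.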
