I am working on a large project based on microservices with business functions distributed across various microservices. My problem is with the interface, which is implemented as an isomorphic spaux solution for spam .
We have implemented the OpenId Connect Provider (Identity Server 4 with ASP.NET Core) for single sign-on, as our core business functions can be accessed by third-party applications from our customers.
My first question is what is the best / most suitable flow and architecture for implementing an open connection in an isomorphic response application, how the application can work both on the server side and in the browser.
We currently use Implicit Flow (as suggested by the specification for browser-based applications) to get the identifier token and access token, however, due to the nature of Implicit Flow, these tokens are returned directly to the browser and publicly published.
I got confused in the Hybrid Stream , and if it can be used (if desired here) to get an access token on the server in case of an isomorphic application.
My second question is that in a contraction reaction scenario, the best way to store tokens so that they can be used both on the client and server side. If I save it in the local storage / browser browser session, it will not be available on the server. Is it good to store tokens in a redux store?
Waiting for valuable guidance.
source
share