
Demo application which shows how to use origin isolation to better protect tokens in the browser


sandrinodimattia/origin-isolated-spa-demo


Origin Isolated SPA Demo

This demo shows an end-to-end example of Origin-Isolated Data Storage for Single Page Apps, as documented by Philippe De Ryck.

We have a few moving parts here:

A simple Express.js API, secured with Auth0 and deployed to Now:

https://tv-shows-api-demo.now.sh/api/my/shows

This endpoint requires the caller to provide an access token.

A frame that talks to Auth0 and handles all the authentication logic, the token renewal and the token storage.

It also exposes an API to the parent which allows the parent to get the current user information or interact with the REST API.

https://origin-isolated-frame.herokuapp.com/frame

The actual SPA, which talks to Auth0 and to the REST API by loading the origin frame application as an iframe. Communication between the SPA and the iframe uses penpal.

https://origin-isolated-spa.sandrinodimattia.now.sh/
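
As an added example (not code from this repository, and using plain postMessage rather than penpal), the frame-side half of this design can be written as a handler that accepts requests only from the SPA's origin and exposes two methods, neither of which returns the token. The method names, the message shape and the injected dependencies are assumptions.

```javascript
// Added example: frame-side request handler (plain postMessage, not penpal).
// Hypothetical names: createFrameHandler, getUser/getShows, the {id, method} message shape.
const PARENT_ORIGIN = 'https://origin-isolated-spa.sandrinodimattia.now.sh';
const API_URL = 'https://tv-shows-api-demo.now.sh/api/my/shows';

function createFrameHandler({ getAccessToken, getUser, fetchImpl }) {
  // The only methods reachable from the parent. None of them returns the token:
  // the frame attaches it to the API call itself and hands back the response body.
  const methods = {
    getUser: async () => getUser(),
    getShows: async () => {
      const res = await fetchImpl(API_URL, {
        headers: { Authorization: `Bearer ${await getAccessToken()}` },
      });
      if (!res.ok) throw new Error(`API error ${res.status}`);
      return res.json();
    },
  };

  // Returns the reply to post back, or null when the message must be ignored.
  return async function handle(event) {
    // Messages from any origin other than the SPA are dropped without a reply.
    if (event.origin !== PARENT_ORIGIN) return null;
    const { id, method } = event.data || {};
    // Own-property check so names like "constructor" are not dispatched.
    if (!Object.prototype.hasOwnProperty.call(methods, method)) {
      return { id, error: 'unknown method' };
    }
    try {
      return { id, result: await methods[method]() };
    } catch {
      return { id, error: 'request failed' }; // no internal detail to the parent
    }
  };
}

// Wiring inside the frame page (browser only):
// const handle = createFrameHandler({ getAccessToken, getUser, fetchImpl: fetch });
// window.addEventListener('message', async (e) => {
//   const reply = await handle(e);
//   if (reply) e.source.postMessage(reply, PARENT_ORIGIN); // explicit target origin
// });
```

Script running in the SPA's origin can still call `getShows` through the frame, but it cannot read the token out of storage, because that storage belongs to the frame's origin.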
