About Duende BFF Security Framework

Simplify your front-end development and increase security.

Duende BFF Security Framework enhances web application security using the Backend-for-Frontend (BFF) pattern. It routes authentication through a secure server-side component, protecting tokens from client exposure and reducing the attack surface. It supports OAuth 2.0 and OpenID Connect, offering secure session and token management for both SPAs and traditional apps. With Duende's server-side Backend for Frontend (BFF) solution, tokens are managed on the server rather than in the browser, which simplifies front-end development and increases security for Angular, React, Vue, and Blazor WASM apps.

The Duende.BFF Security Framework provides a comprehensive solution for securing browser-based frontends—such as Single Page Applications (SPAs) and Blazor apps—that communicate with ASP.NET Core backends. It encapsulates all essential tools for implementing the Backend-for-Frontend (BFF) architecture, which delegates security responsibilities to a trusted server rather than relying on client-side logic.

As SPAs have evolved in complexity and adoption, handling OAuth flows directly in the browser has proven both outdated and insecure. Storing authentication tokens client-side exposes applications to risks like token leakage and cross-site scripting (XSS) attacks. To address these vulnerabilities, current best practices—endorsed by the Internet Engineering Task Force (IETF)—recommend shifting authentication and session management to a secure backend using the BFF model, thereby strengthening the security posture of modern web apps.

The BFF pattern pairs each frontend with a dedicated server-side component responsible for authentication and API access. Instead of exposing tokens in the browser, the backend offers secure HTTP endpoints (e.g., /bff/login, /bff/logout) for login and logout flows, stores authentication state in secure cookies, and serves as the only conduit for API communication. This design minimizes the attack surface, significantly reducing the risk of token theft in client-side compromises. The BFF is tightly integrated with the frontend, exposing only the APIs necessary for the application’s operation.

Duende.BFF simplifies the implementation of this architecture by offering a robust library tailored for SPAs and Blazor apps. It facilitates secure backend hosting that manages all OAuth and OpenID Connect (OIDC) operations on behalf of the frontend, in alignment with the latest IETF recommendations for securing browser-based applications.

Key features include:

  • Protection against token extraction and theft.
  • Built-in Cross-Site Request Forgery (CSRF) protection.
  • Server-side OAuth2 authentication flows.
  • Secure APIs for user management.
  • Support for back-channel logout.
  • Reverse proxy functionality for local and external API access.
  • Server-side session state handling.
  • Integrated Blazor authentication state management.
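To make the mechanics of the pattern concrete, the following is an added, framework-agnostic model of a BFF written for this page; it is not Duende.BFF code and does not use the library's API. It assumes a fake identity provider that maps an authorization code to a subject and an access token, and it mirrors Duende.BFF's documented anti-forgery convention of requiring a custom `X-CSRF: 1` header on cookie-authenticated calls. The `/bff/login`, `/bff/logout` and `/bff/user` paths and the `/signin-oidc` callback are assumed names; the upstream API call is recorded rather than sent. Together it shows the login/logout endpoints, the server-side session behind a hardened cookie, the CSRF check and the reverse proxy attaching the bearer token the browser never receives.

```python
import secrets
from dataclasses import dataclass, field

# Assumption: mirrors Duende.BFF's documented "X-CSRF: 1" anti-forgery header.
# Everything else here is a constructed illustration of the BFF pattern.
ANTI_FORGERY_HEADER = "x-csrf"
SESSION_COOKIE = "bff"


@dataclass
class Session:
    sub: str
    access_token: str  # lives only in server memory; never serialised into a response


@dataclass
class Bff:
    # Constructed stand-in for the identity provider: authorization code -> (subject, access token).
    idp_codes: dict
    sessions: dict = field(default_factory=dict)
    upstream_calls: list = field(default_factory=list)  # what the proxy would send to the real API

    def handle(self, method, path, headers=None, cookies=None, query=None):
        headers = {k.lower(): v for k, v in (headers or {}).items()}
        cookies = cookies or {}
        query = query or {}

        # 1. Login: redirect the browser to the identity provider; the code flow runs server-side.
        if path == "/bff/login":
            return _resp(302, Location="https://idp.example/connect/authorize?client_id=bff&redirect_uri=/signin-oidc")

        # 2. Callback: redeem the code, keep the token in a server-side session and hand the
        #    browser only an opaque session id in an HttpOnly, Secure, SameSite cookie.
        if path == "/signin-oidc":
            code = query.get("code")
            if code not in self.idp_codes:
                return _resp(400, body="invalid code")
            sub, token = self.idp_codes.pop(code)
            sid = secrets.token_urlsafe(32)
            self.sessions[sid] = Session(sub, token)
            cookie = f"{SESSION_COOKIE}={sid}; Path=/; HttpOnly; Secure; SameSite=Strict"
            return _resp(302, Location="/", **{"Set-Cookie": cookie})

        # Every remaining endpoint is cookie-authenticated, so it requires the anti-forgery
        # header: a cross-site form post or image tag cannot attach custom headers.
        if headers.get(ANTI_FORGERY_HEADER) != "1":
            return _resp(401, body="missing anti-forgery header")
        session = self.sessions.get(cookies.get(SESSION_COOKIE, ""))
        if session is None:
            return _resp(401, body="no session")

        # 3. User endpoint: identity claims for the SPA, deliberately without the token.
        if path == "/bff/user":
            return _resp(200, body={"sub": session.sub})

        # 4. Logout: drop the server-side session and expire the cookie.
        if path == "/bff/logout":
            del self.sessions[cookies[SESSION_COOKIE]]
            return _resp(200, body="logged out", **{"Set-Cookie": f"{SESSION_COOKIE}=; Max-Age=0"})

        # 5. Reverse proxy: the BFF attaches the bearer token it holds on the browser's behalf.
        if path.startswith("/api/"):
            self.upstream_calls.append({"method": method, "path": path,
                                        "authorization": f"Bearer {session.access_token}"})
            return _resp(200, body={"proxied": path})

        return _resp(404, body="not found")


def _resp(status, body=None, **headers):
    """Minimal response record: status, response headers and body."""
    return {"status": status, "headers": headers, "body": body}


def session_id_from(set_cookie: str) -> str:
    """Extract the session id from a Set-Cookie header value (constructed helper)."""
    return set_cookie.split(";", 1)[0].split("=", 1)[1]
```

Driving it by hand: `Bff(idp_codes={"code123": ("alice", "at-secret")})`, then `handle("GET", "/signin-oidc", query={"code": "code123"})` yields the session cookie; a subsequent `/bff/user` call without the `X-CSRF` header is rejected with 401, while the same call with the header returns only `{"sub": "alice"}`, and a `/api/todos` call is recorded with `Bearer at-secret` even though no response ever contained that token. The point a reviewer should carry over to a real deployment is the ordering: the anti-forgery check runs before the session lookup, and the token is only ever read inside the proxy branch.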