For years, single-page applications (SPAs) such as Angular, React, or Blazor apps have used OAuth flows that store tokens in the browser—a practice with well-known security risks. The current recommendation flips that model: the Backends for Frontends (BFF) pattern uses secure cookies and a backend component to handle tokens on the server side.
It may feel like a step back to the ’90s, but it’s actually a leap forward in terms of security and browser compatibility. In this session, you’ll learn how the BFF pattern works, why it’s the better choice, and how to migrate your SPA architecture with confidence.
You will learn about:
- The security risks for SPAs when using OAuth flows
- The BFF pattern
- ASP.NET Core implementation options for BFF