
BFF web app clients to Access Management

When you have a front end that needs to interact with Core Service.REST, the most secure way to do this is to build a BFF web app that is a client to Access Management.

About this task

Backend for Frontend, or BFF, refers to an architectural pattern that uses a middle layer between the frontend clients and the backend. The general BFF pattern helps you to improve the security of your web applications by preventing the storage of sensitive data in the front-end.

Since the access tokens and user claims that come from Access Management represent sensitive data, the use of a BFF client can greatly improve the security of applications authenticated through Access Management. In addition, BFF simplifies front-end implementation because the front-end web apps do not need to interact directly with OpenID Connect.
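The pattern described above, shown with the standard ASP.NET Core cookie and OpenID Connect middleware as an added example. It is not the Tridion.AccessManagement.Client.BffWebApp library or the shipped example app, and the configuration keys, the /bff/... routes and the backend path "items" are assumptions.

```csharp
// Program.cs for an ASP.NET 6.0 web app (added example, generic middleware only).
// Requires the Microsoft.AspNetCore.Authentication.OpenIdConnect NuGet package.
using System.Net.Http.Headers;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
var cfg = builder.Configuration; // keys below are assumed names, not product settings

builder.Services.AddHttpClient("backend", c => c.BaseAddress = new Uri(cfg["Backend:BaseUrl"]!));
builder.Services.AddAuthentication(o =>
    {
        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(o =>
    {
        o.Cookie.HttpOnly = true;                          // not readable from script
        o.Cookie.SecurePolicy = CookieSecurePolicy.Always; // HTTPS only
        o.Cookie.SameSite = SameSiteMode.Lax;
    })
    .AddOpenIdConnect(o =>
    {
        o.Authority = cfg["Oidc:Authority"];
        o.ClientId = cfg["Oidc:ClientId"];
        o.ClientSecret = cfg["Oidc:ClientSecret"]; // confidential client: secret stays server-side
        o.ResponseType = "code";
        o.UsePkce = true;
        o.SaveTokens = true; // tokens live in the server-issued auth ticket, not in front-end storage
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// The front end calls a fixed BFF route; the BFF attaches the bearer token server-side.
// A fixed backend path avoids forwarding caller-controlled URLs together with the token.
app.MapGet("/bff/items", async (HttpContext ctx, IHttpClientFactory factory) =>
{
    var token = await ctx.GetTokenAsync("access_token");
    using var req = new HttpRequestMessage(HttpMethod.Get, "items"); // hypothetical backend path
    req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
    using var res = await factory.CreateClient("backend").SendAsync(req);
    ctx.Response.StatusCode = (int)res.StatusCode;
    ctx.Response.ContentType = "application/json";
    await res.Content.CopyToAsync(ctx.Response.Body);
}).RequireAuthorization();

app.Run();
```

The browser only ever holds the HttpOnly session cookie; token refresh and expiry handling are left out of this example.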

Access Management provides a BFF client library and an example BFF web app. Both are available on the CD layout in the following folder:

\Access Management\client

The folder contains the following:

  • Tridion.AccessManagement.Client.BffWebApp — This client library comes in the form of a NuGet package. The library includes comments to explain how to configure both the web app itself and Access Management. Note that the library requires an ASP.NET 6.0 web app.
  • \example — This subfolder contains an example BFF web app. It is configured to use the NuGet package directly from the parent folder, and you can build and run the example BFF web app directly from the CD layout.

In addition to this example, the Experience Space web app is itself an example of a BFF web app.