Skills
.Work. You
Rest

duende-bff

Official

Secure your SPA with server-side tokens.

Software Engineering#dotnet#bff#csrf#aspnet-core#token-management#openid-connect#spa-security
AuthorDuendeSoftware
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Secures single-page applications by moving OAuth tokens and sensitive data server-side, enforcing CSRF protection, and enabling a robust Backend-for-Frontend pattern that keeps the browser free from raw tokens.

Core Features & Use Cases

  • Server-side session management for SPAs and backends
  • API endpoint proxying with automatic token handling
  • CSRF/anti-forgery enforcement to protect protected endpoints
  • Deep integration with OpenID Connect / OAuth and React/Angular/Blazor frontends
  • Login/Logout flows and management endpoints support

Quick Start

Install and configure the Duende.BFF package in your ASP.NET Core app, enabling AddBff with OIDC and cookie options and wiring up UseBff to enforce anti-forgery and the BFF endpoints.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: duende-bff
Download link: https://github.com/DuendeSoftware/duende-skills/archive/main.zip#duende-bff

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.