Azure AD B2C - Secure Implementation
Authentication with HttpOnly cookies and server-side token management
HttpOnly Cookies
Session tokens stored in secure HttpOnly cookies, inaccessible to JavaScript
Server-Side Tokens
Refresh tokens never exposed to the browser, kept server-side only
BFF Pattern
API calls proxied through Next.js server routes with secure token handling