Why you shouldn’t use access tokens in your front-end any more

And how to move authentication to the server-side

Albert Starreveld
4 min readMay 25

--

To obtain authorization for API-endpoints, many Single-Page Applications use OAuth2. Word has it, lately, you should not use access_tokens in the front-end any more. Why is that?

Read this article to learn:

  • How a Single Page Application obtains authorization at the client-side
  • How this may be a risk
  • What the alternative is

--

--