Single Page Application + API
In this scenario you have a Single Page Web Application “Client” which talks to an API (“Resource Server”).
The application will use OpenID Connect with the Implicit Grant Flow to authenticate users with Domec Tools.
When a user logs in, Domec Tools will return to the application an access_token as well as an
id_token is used to
securely call the API on behalf of the user. Alternatively the user profile can be obtained by calling the /userinfo endpoint in the Domec Tools Authentication API with the
The application will usually store the information about the user’s session (i.e. whether they are logged in, their tokens, user profile data, etc.) inside some sort of storage such as Local Storage.
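
As an added example (not Domec Tools code), the sketch below shows how an application might check the values returned in the URL fragment before storing the session described above. The function names, the expected object, and the sample issuer and client values are assumptions; the state and nonce checks follow the OAuth 2.0 and OpenID Connect specifications, and verification of the id_token signature against the provider's keys is left out.

```javascript
// Added example; function names and the `expected` fields are hypothetical.
const b64url = (s) => btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Decode the payload segment of a JWT. This does NOT verify the signature.
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("id_token is not a three-part JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
}

// Parse the fragment returned by the Implicit Grant and check it against
// the state and nonce the application generated before redirecting.
function handleImplicitCallback(hash, expected, now) {
  const p = new URLSearchParams(hash.replace(/^#/, ""));
  if (p.get("error")) throw new Error("authorization error: " + p.get("error"));
  if (!expected.state || p.get("state") !== expected.state) throw new Error("state mismatch");
  const accessToken = p.get("access_token"), idToken = p.get("id_token");
  if (!accessToken || !idToken) throw new Error("missing token");
  const c = decodeJwtPayload(idToken);
  if (!expected.nonce || c.nonce !== expected.nonce) throw new Error("nonce mismatch");
  if (c.iss !== expected.issuer) throw new Error("unexpected issuer");
  if (![].concat(c.aud).includes(expected.clientId)) throw new Error("unexpected audience");
  if (typeof c.exp !== "number" || c.exp <= now) throw new Error("id_token expired");
  const expiresAt = now + (Number(p.get("expires_in")) || 0);
  return { accessToken, idToken, profile: { sub: c.sub, name: c.name }, expiresAt };
}

// Session storage helpers; pass window.localStorage in a browser.
const saveSession = (storage, session) => storage.setItem("session", JSON.stringify(session));
function loadSession(storage, now) {
  const s = JSON.parse(storage.getItem("session") || "null");
  if (s && s.expiresAt > now) return s;
  storage.removeItem("session"); // expired or absent: treat as logged out
  return null;
}
// Constructed sample data (not real tokens); the signature segment is a dummy.
const NOW = 1700000000;
const EXPECTED = { state: "st-123", nonce: "n-456", issuer: "https://idp.example/", clientId: "spa-client" };
function sampleHash(claims) {
  const jwt = [b64url('{"alg":"RS256"}'), b64url(JSON.stringify(claims)), "sig"].join(".");
  return "#access_token=at-789&id_token=" + jwt + "&expires_in=3600&state=st-123";
}
const SAMPLE_CLAIMS = { iss: "https://idp.example/", aud: "spa-client", sub: "user-1",
  name: "Sample User", nonce: "n-456", exp: NOW + 600 };
function memoryStorage() { // stand-in for localStorage outside a browser
  const m = new Map();
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), setItem: (k, v) => m.set(k, v), removeItem: (k) => m.delete(k) };
}
```

In a browser, pass window.location.hash and window.localStorage. Anything in Local Storage is readable by any script running on the page's origin, so the expiry check bounds how long a stored token stays usable there.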