Konubinix' opinionated web of thoughts

Securing-SPAs-and-Blazor-Applications-Using-the-BFF-Backend-for-Frontend-Pattern-Dominick-Baier

Fleeting

  • External reference:

What actually makes the BFF secure the SPA is SameSite cookies, which prevent cross-site request forgery.

Do the UI stuff in the frontend and the secure stuff in the backend. This is quite similar to how the front channel is about UI and the back channel is about converting the outcome of the front channel into tokens.
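A sketch of that split, added here as an illustration and not taken from the talk or from any BFF library: the backend keeps the tokens and gives the browser only an opaque SameSite session cookie. The cookie name `__Host-bff`, the in-memory store and the function names are assumptions.

```javascript
// Added example (hypothetical names): the token-handling core of a BFF.
const { randomBytes } = require("node:crypto");

// Session id -> tokens. The tokens obtained on the back channel stay here,
// on the server; an in-memory Map stands in for a real session store.
const sessions = new Map();

// Called once the back channel has exchanged the login outcome for tokens.
// Returns the Set-Cookie value sent to the browser.
function createSession(tokens) {
  const sid = randomBytes(32).toString("hex");
  sessions.set(sid, tokens);
  // HttpOnly: script running in the SPA cannot read the cookie.
  // SameSite=Strict: the browser does not attach it to requests started by
  // another site, which is what blocks cross-site request forgery.
  // __Host- prefix: the browser accepts it only with Secure, Path=/, no Domain.
  return `__Host-bff=${sid}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Parse a Cookie request header into a name -> value object.
function parseCookies(header = "") {
  return Object.fromEntries(
    header.split(";").map((p) => p.trim()).filter(Boolean).map((p) => {
      const i = p.indexOf("=");
      return [p.slice(0, i), p.slice(i + 1)];
    })
  );
}

// For an API call coming from the SPA: look up the session and build the
// headers the BFF sends upstream. The SPA never sees the access token.
function authorizeApiCall(requestHeaders) {
  const sid = parseCookies(requestHeaders.cookie)["__Host-bff"];
  const tokens = sid && sessions.get(sid);
  if (!tokens) return { status: 401 };
  return {
    status: 200,
    upstreamHeaders: { authorization: `Bearer ${tokens.accessToken}` },
  };
}
```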