21
@duendeidentity
Backend for Frontend Pattern (BFF)
• TMI BFF vs "Full BFF"
For the sake of clarity, in this document we will use Full
BFF to refer to the approach where both token acquisition
and API invocation are handled by the backend, and TMI-BFF
for approaches where the frontend retain the responsibility
to implement some functionality.
Although the Full BFF approach offers better security, by
virtue of keep all tokens out of the user agent, it is not
always viable.