This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 32%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPJ%3C/text%3E%3C/svg%3E)
At my company, most of our apps (100+) are SPAs using an OpenIDConnect auth server, talking with their APIs with JWT tokens.
They use some javascript oidc library to retrieve the access tokens from the authority.
However, we might want to go away from that model, for 2 main reasons :
One of the solution is using a BFF between the app and the api, however, we would want to avoid that when it is not necessary, because it's simpler to deploy, and cheaper to host.
That means hosting your SPA in the same app than your API, but that scenario isn't what the aspnetcore team seems to recommand (based on answers I read on the github issues), and requires a few hacks to make it work.
Will that type of scenario be better supported in the future or would you recommand a different approche altogether?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
See the new reverse proxy made for this case
https://devblogs.microsoft.com/dotnet/announcing-yarp-1-0-release/
Note: I always proxy my spas via the hosting server typically via /api. If using node to host, this is pretty typical.
I've seen YARP's release but I still wonder what would the hosting model be like in that case?
I want to avoid having to host 2 webapp in my cloud provider to avoid paying 2x what I need to.
Are you suggesting this (apologies for the bad drawing) ?
You question concerned issues when the SPA called a webapi which was not the hosting website. The proxy can used in this case. The standard .net SPA template is a webapi hosting the SPA static site.
In general monolithic webapi’s are discouraged, as there tends to be too much coupling and scaling may be effected. But if it’s a small site and costs are a concern than a single site makes sense. But if hosting in AWS or Azure, then lambda or azure functions may be an option as they are low cost.