Using single-page applications (SPA) in OpenID Connect setups poses some security risks since access and refresh tokens are insufficiently protected by web browsers.
In this configuration example, we demonstrate how Airlock Gateway and Airlock IAM can be configured to protect access and refresh tokens issued by a third-party authorization server from being stored in the browser.