Using single-page applications (SPA) in OpenID Connect setups poses some security risks since web browsers insufficiently protect access and refresh tokens.
In this configuration example, we demonstrate how Airlock Gateway and Airlock IAM can be configured to protect access and refresh tokens issued by a third-party authorization server from being stored in the browser.