Configure SPA integration for affolterNET.Web.Bff. Use when setting up Vue/React/Angular apps, handling 401 responses, static files, or SPA fallback routing.
Configures BFF for SPA authentication by returning 401s instead of redirects, serving static files, and handling fallback routing. Use when setting up Vue/React/Angular apps with affolterNET.Web.Bff.
/plugin marketplace add Mcafee123/affolterNET.Web/plugin install affolternet-web-bff@affolternet-webThis skill inherits all available tools. When active, it can use any tool Claude has access to.
Configure single-page application integration with the BFF.
For complete reference, see Library Guide.
The BFF provides SPA-friendly authentication:
1. SPA makes API request
2. BFF returns 401 if not authenticated
3. SPA redirects to /bff/account/login
4. User authenticates with Keycloak
5. BFF creates session cookie
6. User redirected back to SPA
// api.ts - Axios interceptor
import axios from 'axios';
const api = axios.create({
baseURL: '/',
withCredentials: true
});
api.interceptors.response.use(
response => response,
error => {
if (error.response?.status === 401) {
const returnUrl = encodeURIComponent(window.location.pathname);
window.location.href = `/bff/account/login?returnUrl=${returnUrl}`;
}
return Promise.reject(error);
}
);
export default api;
Static files are served from wwwroot/:
wwwroot/
├── index.html
├── assets/
│ ├── main.js
│ └── style.css
└── favicon.ico
The BFF automatically handles SPA routing:
/api/* routes return 404 JSON if not foundindex.htmlexport default defineConfig({
build: {
outDir: '../wwwroot'
},
server: {
proxy: {
'/api': 'https://localhost:5001',
'/bff': 'https://localhost:5001'
}
}
});
import { defineStore } from 'pinia';
import api from '@/services/api';
export const useAuthStore = defineStore('auth', {
state: () => ({
user: null,
loading: false
}),
actions: {
async fetchUser() {
this.loading = true;
try {
const { data } = await api.get('/bff/account/user');
this.user = data;
} catch {
this.user = null;
} finally {
this.loading = false;
}
},
login(returnUrl?: string) {
const url = returnUrl
? `/bff/account/login?returnUrl=${encodeURIComponent(returnUrl)}`
: '/bff/account/login';
window.location.href = url;
},
async logout() {
window.location.href = '/bff/account/logout';
}
}
});
Include CSRF token in state-changing requests:
// Get token from cookie
function getCsrfToken(): string | null {
const match = document.cookie.match(/XSRF-TOKEN=([^;]+)/);
return match ? decodeURIComponent(match[1]) : null;
}
// Include in requests
api.interceptors.request.use(config => {
if (['post', 'put', 'delete', 'patch'].includes(config.method?.toLowerCase() ?? '')) {
config.headers['X-XSRF-TOKEN'] = getCsrfToken();
}
return config;
});
Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.