Backend for Frontend - BFF in OneCX

OneCX proposes the use of Quarkus for BFFs and offers ready-to-use solutions for security, authentication and permission checking.

OneCX Quarkus BFF provides a robust solution to implement security in a backend-for-frontend (BFF) architecture using Quarkus. The focus is on securing API endpoints and efficiently managing user access permissions to ensure proper authentication, authorization and protection of system resources. The goal is to provide a comprehensive and scalable approach to securing applications in modern web environments.

The Security & Permissions system leverages Role-Based Access Control (RBAC) to manage permissions based on user roles, allowing for fine-grained access control across various resources and endpoints. Integration with identity providers such as Keycloak or other OpenID Connect (OIDC) compliant systems ensures secure user authentication. The system verifies user credentials and assigns appropriate roles according to predefined rules. For every request, the BFF performs permission validation to confirm that the user has the necessary access rights to the requested resource, preventing unauthorized users from bypassing security measures. Additionally, the BFF enforces access control for microservices by evaluating user permissions and applying security policies at the API level. This centralized security logic simplifies the management of roles and permissions, ensuring consistent security policies throughout the application and eliminating the need to replicate logic across different services.

This approach ensures secure communication between the frontend and backend, prevents unauthorized access to critical resources, and supports scalable, flexible role-based management.