ARIA Shield (formerly BFF)
ARIA Shield (formerly BFF) is the session and security gateway for our SPAs and AI providers:
- Terminates OAuth in the backend (tokens never reach the browser)
- Issues/validates httpOnly session cookies and CSRF tokens
- Authorizes each request via the PDP (AuthZEN) before proxying
- Proxies canonical
/api/...routes to backend services - Enforces stream‑time caps and budgets (402 semantics) for provider streaming
Start here:
- BFF Design Pattern: problem, how it works, when to use →
Explanations / Backend‑for‑Frontend (BFF) Design Pattern - Overview: what the BFF is and isn’t →
Explanations / BFF for SPAs — How It Works - Executive overview: business value and visuals →
Explanations / BFF — Executive Overview - Visual Guide: presentable diagrams of flows and routing →
Explanations / BFF Visual Guide - SPA Golden Path: wire a React app to the BFF →
Tutorials / SPA Golden Path - Traefik: how ForwardAuth integrates →
Reference / Traefik ForwardAuth
Doc types in this section:
- Tutorials: end-to-end walkthroughs for first-time setup
- How‑to guides: focused tasks (deploy, configure, integrate)
- Explanations: architecture and reasoning
- Reference: definitive details (config, endpoints, evidence)
Specialized endpoints
Quick links to commonly used specialized APIs exposed by the BFF (source on GitHub: https://github.com/empowerID/empowernow_docs):
- EmpowerID direct API: workflows and WebUI → Reference / EmpowerID direct API
- Legacy services proxy → Reference / Legacy proxy
- Streaming / SSE → Reference / Streaming / SSE
- IdP admin proxy → Reference / IdP admin proxy
- Health / Metrics → Reference / Health / Metrics
- YAML proxy (routes.yaml) → Reference / YAML proxy
- PDP authorization mapping → Prefer inline
authz_mapin routes; see How‑to / BFF Configuration & Routing and Reference / routes.yaml Reference. Legacy external file: Reference / PDP mapping (legacy)
AI chat completions through the BFF
- Explanation: Dynamic AI Model Routing — How It Works
- Tutorial: LLM Routing Quickstart
- How‑to: Enable Routing, Override Pricing, Budgets & Receipts, Observability
- Reference: LLM Routing Config, LLM Routing PDP
- Reference: AI Chat Completions (PDP Enforcement)