The article explores the security challenges associated with storing OAuth tokens in client-side applications, such as single-page applications (SPAs) and mobile apps, and suggests using an OAuth proxy server, also known as the backend for frontend (BFF) pattern, to mitigate these risks. The BFF pattern was introduced to streamline app development by creating a dedicated backend for each frontend, reducing the complexities of managing a single API across multiple platforms. This pattern enhances security by ensuring that sensitive tokens are handled by a trusted server rather than being exposed to potential client-side vulnerabilities like cross-site scripting (XSS) and cross-site request forgery (CSRF). The article highlights the importance of using HttpOnly cookies for storing credentials and discusses the implementation of OAuth authorization code flow with PKCE to further secure token exchanges. It also presents practical examples of setting up a BFF using FusionAuth and Passport.js, emphasizing that while serverless architectures allow for flexibility, they come with significant security risks that can be mitigated by adopting a BFF approach.
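The flow summarized above, as an added example that is not code from the article and does not use FusionAuth or Passport.js: a BFF keeps the PKCE verifier and the tokens in server-side maps and gives the browser only an opaque HttpOnly session cookie. Assumptions: the URLs, client ID, cookie name `sid`, in-memory maps and the injected `exchangeCode` callback (a stand-in for the token endpoint request) are all hypothetical.

```javascript
// Added example: BFF-style login where tokens never reach the browser.
const crypto = require('node:crypto');

const AUTHORIZE_URL = 'https://auth.example.com/oauth2/authorize'; // placeholder IdP
const CLIENT_ID = 'example-client-id';                             // placeholder
const REDIRECT_URI = 'https://app.example.com/callback';           // placeholder

const pendingLogins = new Map(); // state -> PKCE code_verifier (server-side only)
const sessions = new Map();      // opaque session id -> tokens (server-side only)

const b64url = (buf) => buf.toString('base64url');

// RFC 7636 S256: challenge = BASE64URL(SHA-256(ASCII(verifier)))
function pkceChallenge(verifier) {
  return b64url(crypto.createHash('sha256').update(verifier, 'ascii').digest());
}

// Step 1: build the redirect to the authorization server.
function startLogin() {
  const state = b64url(crypto.randomBytes(16));
  const verifier = b64url(crypto.randomBytes(32)); // 43 characters
  pendingLogins.set(state, verifier);
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: CLIENT_ID, redirect_uri: REDIRECT_URI,
    state, code_challenge: pkceChallenge(verifier), code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// Step 2: handle the callback; exchangeCode stands in for the token endpoint call.
function finishLogin(state, code, exchangeCode) {
  const verifier = pendingLogins.get(state);
  if (!verifier) throw new Error('unknown or replayed state');
  pendingLogins.delete(state); // state is single use
  const tokens = exchangeCode({ code, code_verifier: verifier, redirect_uri: REDIRECT_URI });
  const sid = b64url(crypto.randomBytes(32));
  sessions.set(sid, tokens);
  // The browser receives only the opaque id. HttpOnly hides it from page
  // script; SameSite=Strict keeps it off cross-site requests.
  return `sid=${sid}; HttpOnly; Secure; SameSite=Strict; Path=/`;
}

// Step 3: on each API call, resolve the cookie to the access token server-side.
function accessTokenFor(cookieHeader) {
  const m = /(?:^|;\s*)sid=([A-Za-z0-9_-]+)/.exec(cookieHeader || '');
  const session = m && sessions.get(m[1]);
  return session ? session.access_token : null;
}
```

The string returned by `finishLogin` is the value for the `Set-Cookie` response header; a production BFF would also expire pending logins and sessions.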