After watching the AngularJS "Massive AngularJS apps" presentation (https://docs.google.com/file/d/0B4F6Csor-S1cNThqekp4NUZCSmc/edit), I was attempting to implement the following scenario:
1) User requests index.html (Server side generation)
2) Flask checks if authentication cookie is present
3) If cookie is missing, redirect to login.html (also server side generated)
4) On login page, POST the login information.
5) Flask verifies user + password -> sets cookie, redirects to /
6) Flask checks cookie, retrieves user profile + generates index.html
7) Client app starts
8) Client is expected to do a call to /token (with cookie)
9) Flask verifies request, generates new access + refresh token & expires init cookie
10) Client receives tokens & can do normal REST calls with basic auth header using the tokens
The problem I had was implementing the way of maintaining authentication once the index.html has to be generated. I proposed to include the token in the profile of the index page (as a JavaScript variable) and, when AngularJS configures, copy it to window.sessionStorage, but I was not too sure about how secure it is.
Is this an acceptable flow security-wise, and/or are there better ways?
EDIT: Updated question + added the flow I would use as a sequence diagram: EDIT2: I noticed I can't reload the page since the cookie will be expired, so I'm starting to doubt the use of access tokens.
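The cookie-to-token handoff in steps 5 and 9 of the flow above, written out as an added example (not code from the question or from Flask). It is framework-agnostic so it runs without Flask: the HMAC-signed, single-use bootstrap cookie, the 60-second TTL, the in-memory nonce store and the token format are all assumptions, and the `/token` handler would call `exchange_init_cookie()` with the cookie value and answer 401 on `None`.

```python
import base64, binascii, hashlib, hmac, json, secrets, time
from typing import Optional

SECRET = b"constructed-demo-secret"   # assumption: real apps load this from config
INIT_COOKIE_TTL = 60                  # assumption: bootstrap cookie lives one minute
ACCESS_TTL = 900                      # assumption: access token lives 15 minutes
_used_nonces: set = set()             # assumption: server-side single-use store

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(payload: bytes) -> str:
    """payload.mac, both base64url; MAC is HMAC-SHA256 under SECRET."""
    mac = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(mac)

def _verify(token: str) -> Optional[dict]:
    """Return the claims only if the MAC matches; None for any malformed input."""
    try:
        p_b64, m_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(p_b64)
        mac = base64.urlsafe_b64decode(m_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):   # constant-time compare
        return None
    return json.loads(payload)

def issue_init_cookie(user: str, now: Optional[float] = None) -> str:
    """Step 5: after the password check, set a short-lived single-use cookie."""
    now = time.time() if now is None else now
    claims = {"sub": user, "exp": now + INIT_COOKIE_TTL, "nonce": secrets.token_hex(8)}
    return _sign(json.dumps(claims).encode())

def exchange_init_cookie(cookie: str, now: Optional[float] = None) -> Optional[dict]:
    """Step 9: /token logic. Swap a valid, unexpired, unused cookie for tokens."""
    now = time.time() if now is None else now
    claims = _verify(cookie)
    if claims is None or claims.get("exp", 0) < now or claims.get("nonce") in _used_nonces:
        return None                               # tampered, expired or replayed
    _used_nonces.add(claims["nonce"])             # the cookie is now spent
    access = _sign(json.dumps({"sub": claims["sub"], "exp": now + ACCESS_TTL}).encode())
    return {"user": claims["sub"], "access_token": access,
            "refresh_token": secrets.token_urlsafe(32)}
```

Because the cookie is spent on first use, a page reload after the exchange (the EDIT2 case) must rely on the tokens the client already stored, not on the cookie.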
I'm confused by the complexity proposed in the question.
When I think about user security for webAPI/RESTful projects (regardless of whether angularjs/flask are involved), I think of the following data exchange:
Your question seems to be asking about multiple layers of complexity beyond my base case and I don't understand what is necessitating this extra complexity (specifically your "The problem" text and your step #9). If this complexity is needed because of some facet of angular or flask (i.e. if you're having trouble with access to cookies, or you're trying to mitigate some other security problem) please explain.