Menu
The angular client application is running on http://localhost:4200
It communicates with a Spring based Restful API running on http://localhost:8080
The authentication mechanism at backend is http basic, and for every request Spring internally invokes a filter to check the authenticity of the credentials passed from the Angular client when a user logs in.
When a user logs in, his/her credentials are encoded with Base64.encodeBase64
and set into the Authorization header.
private getHeaders(){
let headers = new Headers();
headers.append('Accept', 'application/json');
headers.append('Content-Type', 'application/json');
headers.append('Authorization','Basic ' + btoa("bill:abc123"));
return headers;
}
The btoa function is used to set the Authorization header. This works great and TLS/ HTTPS will be used to encrypt the credentials to securely pass over the network.
For subsequent request, I need to pass the same credentials every time. So, where should I store the user credentials, once he/she has logged in successfully for subsequent requests?
For example, this request:
addEmployee( employee : Employee ) : Observable<Response> {
return this.http.post('http://localhost:8080/employee/', JSON.stringify(employee),
{headers: this.getHeaders()}).map(res => res.json());
}
546
The credential store, sometimes called the user store or the authentication store, is where the actual user credentials are stored. Two main types of authentication stores are being used with IdPs today: databases and directory stores.
Your Angular application authenticates the user and receives an access token from Auth0. The application can then pass that access token to your API as a credential. In turn, your API can use Auth0 libraries to verify the access token it receives from the calling application and issue a response with the desired data.
About storing you have 3 ways.
localStoragelocalStorage is storing key and a string value. It won't be wiped after closing browser.
// setting new item
localStorage.setItem('MyApp_Auth', JSON.stringify(obj));
// getting item
let auth;
if (localStorage.getItem('MyApp_Auth')
auth = localStorage.getItem('MyApp_Auth');
// removing
localStorage.removeItem('MyApp_Auth');
// clear all data
localStorage.clear();
sessionStoragesessionStorage is similiar to localStorage, but its data is only kept as long as session is not closed. Usage is exatcly the same as localStorage.
Cookies are a bit more problematic since it's only
document.cookies = "username=John Doe; expires=Thu, 01 Jan 1970 00:00:00 UTC";
So it's hard to maintain because it's only one string separated with ;, so to use it the best option is 3rd party library. Something like js-cookies or more angular friendly angular2-cookie;
HttpInterceptorSince version 4 of Angular you can implement HttpInterceptor in which you can automaticaly add headers to your every request. For more information, read Authenticaion using the HttpClient and HttpInterceptors.
113
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
