Manfred Steyer, profile picture
Uploaded byManfred Steyer
2,782 views

Modern authentication solutions in Angular 2 with OAuth 2.0 and OpenId Connect

This document provides an overview of modern authentication solutions using OAuth 2.0 and OpenId Connect for authenticating users in Angular applications. It discusses how OAuth 2.0 allows clients to securely delegate user access rights to resources stored on a resource server, and how OpenId Connect extends OAuth 2.0 to provide authentication by defining how to query user profile information from an authorization server. It also covers how to implement guards in Angular to protect routes and components by controlling activation and deactivation based on authentication status. Code examples and a demo are provided.

Downloaded 12 times
1 Modern authentication solutions with OAuth 2.0, OpenId Connect and Angular Manfred Steyer ManfredSteyer About me …  Manfred Steyer  SOFTWAREarchitekt.at  Trainer & Consultant  Focus: Angular Page  3 Manfred Steyer
2 Contents Motivation Overview of OAuth 2.0 Overview of OpenId Connect DEMO Guards in the newest new Router DEMO Folie 6 MOTIVATION Page  7
3 One User - (too) many User-Accounts Folie 8 One Client - (too) many User-Accounts Folie 9
4 OVERVIEW OF OAUTH 2.0 Page  10 What is OAuth? Developed at Twitter and Ma.gnolia Standard for the delegation of (restricted) rights Used by companies like Google, Facebook, Flickr, Microsoft, Salesforce.com and Yahoo! Folie 11
5 Roles Folie 12 Client Authorization-Server Resource-ServerUser (Resource-Owner) Roles Folie 13 Client Authorization-Server Resource-ServerUser (Resource-Owner) Registered with client_id, client_secret, redirect_uri Registered with Credentials
6 High-Level-View Folie 14 Client Authorization-Server Resource-Server 1. Redirection 2. Redirection 3. Access-Token Details depend on flow Central User-Accounts Only Auth-Server gets pwd. Access-Token Auth is decoupled Token: Flexibility No Cookie: No CSRF AUTHENTICATION Page  39
7 OpenId Connect (OIDC) Extension of OAuth 2.0 Defines how to use OAuth 2.0 for Authentication Defines how to query User Profile Client also gets ID-Token  JWT-Token with information about user  Can be signed by the issuer Shuts down some security holes Folie 45 OIDC Folie 46 Authorization-Server Client 1 Service 1 Access-Token ID-Token /service-url + Access-Token
8 DEMO Page  50 PROTECTING ROUTES WITH GUARDS Page  52
9 What are Guards? Services Can get other services via DI Router triggers Guards before activating/ deactivating Components Can prevent activation/ deactivation Page  53 Guards CanActivate canActivate CanDeactivate<T> canDeactivate Result: boolean | Observable<boolean>
10 Configuring Guards Page  55 const APP_ROUTES: RouterConfig = [ { path: '/flug-buchen', component: FlugBuchenComponent, canActivate: [AuthGuard], children: [ { path: 'flug-edit/:id', component: FlugEditComponent, canDeactivate: [FlightEditGuard] }, […] ] ] Token Provider for Guards Page  56 export const APP_ROUTER_PROVIDER = [ provideRouter(APP_ROUTES), { provide: FlightEditGuard, useClass: FlightEditGuard }, { provide: AuthGuard, useClass: AuthGuard } ];
11 Provider for Guards Page  57 export const APP_ROUTER_PROVIDER = [ provideRouter(APP_ROUTES), FlightEditGuard, AuthGuard ]; DEMO Page  58
12 Conclusion OAuth 2.0: Delegating rights Implicit Grant for SPA OpenId Connect: Authentication with OAuth 2.0 Central User-Accounts Only Auth-Server gets password Folie 59 manfred.steyer@softwarearchitekt.at ManfredSteyer www.softwarearchitekt.at Contact

More Related Content

PPTX
Id fiware upm-dit
byJoaquín Salvachúa
 
PDF
Integrating Fiware Orion, Keyrock and Wilma
byDalton Valadares
 
PPTX
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
byÁlvaro Alonso González
 
PDF
OpenID Authentication by example
byChris Vertonghen
 
PDF
OAuth and OpenID Connect for Microservices
byTwobo Technologies
 
PDF
Stateless authentication for microservices
byAlvaro Sanchez-Mariscal
 
PDF
Angular 2 for Java Developers
byYakov Fain
 
PDF
AngularJS Security: defend your Single Page Application
byCarlo Bonamico
 
Id fiware upm-dit
byJoaquín Salvachúa
 
Integrating Fiware Orion, Keyrock and Wilma
byDalton Valadares
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
byÁlvaro Alonso González
 
OpenID Authentication by example
byChris Vertonghen
 
OAuth and OpenID Connect for Microservices
byTwobo Technologies
 
Stateless authentication for microservices
byAlvaro Sanchez-Mariscal
 
Angular 2 for Java Developers
byYakov Fain
 
AngularJS Security: defend your Single Page Application
byCarlo Bonamico
 

Similar to Modern authentication solutions in Angular 2 with OAuth 2.0 and OpenId Connect

PDF
Stateless Auth using OAuth2 & JWT
byGaurav Roy
 
PDF
Oauth2.0 tutorial
byHarikaReddy115
 
PPTX
OAuth with Salesforce - Demystified
byCalvin Noronha
 
PDF
Stateless Auth using OAUTH2 & JWT
byMobiliya
 
PDF
Demystifying OAuth 2.0
byYury Roa
 
PDF
OAuth In The Real World : 10 actual implementations you can't guess
byMehdi Medjaoui
 
PPTX
Adding Identity Management and Access Control to your Application
byÁlvaro Alonso González
 
PPT
Oauth2.0
byYasmine Gaber
 
PDF
Introduction To Open Web Protocols
byMohan Krishnan
 
PPTX
Introduction to OAuth and how to create it by JoeSelian
byimcheaterid
 
PPTX
Oauth 2.0 Introduction and Flows with MuleSoft
byshyamraj55
 
PPT
Web Based Affiliate Network System
byMike Taylor
 
PDF
Keeping Pace with OAuth’s Evolving Security Practices.pdf
bySirris
 
PPTX
OAuth - Don’t Throw the Baby Out with the Bathwater
byApigee | Google Cloud
 
PPTX
Oauth2 and OWSM OAuth2 support
byGaurav Sharma
 
PDF
OAuth 2.0
bymarcwan
 
PPT
Implementing OpenID for Your Social Networking Site
byDavid Keener
 
PDF
I Know What Youll Do Next Summer - The Skills You Will Be Learning 
as a Domi...
byGrégory Engels
 
PPTX
Adding Identity Management and Access Control to your Application
byFernando Lopez Aguilar
 
PDF
Managing enterprise applications, permissions, and consent in Azure Active Di...
byCoLaboraDK
 
Stateless Auth using OAuth2 & JWT
byGaurav Roy
 
Oauth2.0 tutorial
byHarikaReddy115
 
OAuth with Salesforce - Demystified
byCalvin Noronha
 
Stateless Auth using OAUTH2 & JWT
byMobiliya
 
Demystifying OAuth 2.0
byYury Roa
 
OAuth In The Real World : 10 actual implementations you can't guess
byMehdi Medjaoui
 
Adding Identity Management and Access Control to your Application
byÁlvaro Alonso González
 
Oauth2.0
byYasmine Gaber
 
Introduction To Open Web Protocols
byMohan Krishnan
 
Introduction to OAuth and how to create it by JoeSelian
byimcheaterid
 
Oauth 2.0 Introduction and Flows with MuleSoft
byshyamraj55
 
Web Based Affiliate Network System
byMike Taylor
 
Keeping Pace with OAuth’s Evolving Security Practices.pdf
bySirris
 
OAuth - Don’t Throw the Baby Out with the Bathwater
byApigee | Google Cloud
 
Oauth2 and OWSM OAuth2 support
byGaurav Sharma
 
OAuth 2.0
bymarcwan
 
Implementing OpenID for Your Social Networking Site
byDavid Keener
 
I Know What Youll Do Next Summer - The Skills You Will Be Learning 
as a Domi...
byGrégory Engels
 
Adding Identity Management and Access Control to your Application
byFernando Lopez Aguilar
 
Managing enterprise applications, permissions, and consent in Azure Active Di...
byCoLaboraDK
 

More from Manfred Steyer

PDF
Der neue Component Router für Angular 2
byManfred Steyer
 
PDF
Datenbindung und Performance in Angular 2
byManfred Steyer
 
PDF
Single Page Applications neu gedacht: Redux in Angular 2 mit @ngrx/store
byManfred Steyer
 
PDF
Offlinefähige Browseranwendungen: Progressive Web-Apps mit Angular 2
byManfred Steyer
 
PDF
Angular 2: Die Ideen hinter Datenbindung und Formularen im Detail betrachtet
byManfred Steyer
 
PDF
Datengetriebene Web APIs mit Entity Framework
byManfred Steyer
 
PDF
Angular 2 Upgrade: Migration von AngularJS 1.x zu 2.0
byManfred Steyer
 
PDF
Web APIs mit ASP.NET Core 1
byManfred Steyer
 
PDF
The newst new Router for Angular 2 ("Version 3")
byManfred Steyer
 
PDF
Databinding and Performance-Tuning in Angular 2
byManfred Steyer
 
PDF
Progressive web apps with Angular 2
byManfred Steyer
 
PDF
Der neueste neue Router (Version 3) für Angular 2
byManfred Steyer
 
PDF
Webpack
byManfred Steyer
 
PDF
ASP.NET Core 1 for MVC- and WebAPI-Devs
byManfred Steyer
 
PDF
EF Core 1: News features and changes
byManfred Steyer
 
PDF
Angular 2: Migration - SSD 2016 London
byManfred Steyer
 
PDF
Angular 2 - SSD 2016 London
byManfred Steyer
 
PDF
ASP.NET Web API Deep Dive - SSD 2016 London
byManfred Steyer
 
PDF
Was bringt Angular 2?
byManfred Steyer
 
PDF
Web APIs mit ASP.NET MVC Core 1
byManfred Steyer
 
Der neue Component Router für Angular 2
byManfred Steyer
 
Datenbindung und Performance in Angular 2
byManfred Steyer
 
Single Page Applications neu gedacht: Redux in Angular 2 mit @ngrx/store
byManfred Steyer
 
Offlinefähige Browseranwendungen: Progressive Web-Apps mit Angular 2
byManfred Steyer
 
Angular 2: Die Ideen hinter Datenbindung und Formularen im Detail betrachtet
byManfred Steyer
 
Datengetriebene Web APIs mit Entity Framework
byManfred Steyer
 
Angular 2 Upgrade: Migration von AngularJS 1.x zu 2.0
byManfred Steyer
 
Web APIs mit ASP.NET Core 1
byManfred Steyer
 
The newst new Router for Angular 2 ("Version 3")
byManfred Steyer
 
Databinding and Performance-Tuning in Angular 2
byManfred Steyer
 
Progressive web apps with Angular 2
byManfred Steyer
 
Der neueste neue Router (Version 3) für Angular 2
byManfred Steyer
 
Webpack
byManfred Steyer
 
ASP.NET Core 1 for MVC- and WebAPI-Devs
byManfred Steyer
 
EF Core 1: News features and changes
byManfred Steyer
 
Angular 2: Migration - SSD 2016 London
byManfred Steyer
 
Angular 2 - SSD 2016 London
byManfred Steyer
 
ASP.NET Web API Deep Dive - SSD 2016 London
byManfred Steyer
 
Was bringt Angular 2?
byManfred Steyer
 
Web APIs mit ASP.NET MVC Core 1
byManfred Steyer
 

Recently uploaded

PPTX
Innovative-Digital-Transformation-Software-Solution-LA.pptx.pptx
byjameshammermfm
 
PPTX
Phishing techiques and its protection while on the internet
byssuserdf4e1d
 
PPTX
加拿大假毕业证不列颠哥伦比亚大学文凭UBC offer i20在读证明网上可查学历认证
by西班牙马德里自治大学学位证书快速办理【Q微号:1954 292 140】马德里自治大学文凭
 
PDF
Reverse Engineering of Security Products : Developing an Advanced Microsoft ...
byDonato Onofri
 
PDF
Bài tập các thì tiếng Anh - PREP.VN sưu tầm - tổng hợp-pages-1.pdf
bydothan087
 
PDF
Simon Leigh Pure Reputation Views on Why AI Innovation is Worthless Without R...
bySimon Leigh Pure Reputation
 
PPTX
购买皇后大学毕业证|海牙认证QU成绩单水印学位证范本文凭在读证明可查学历认证
by假成绩单购买拉筹伯大学毕业证【Q微号:1954 292 140】
 
PPTX
New Microsoft PowerPoint Presentation.pptx
byavi080703
 
PDF
Flutter App Development Company in Delhi.pdf
byMobile App Development Company Delhi
 
PPTX
澳洲学位证(UNE毕业证书)新英格兰大学毕业证书如何办理国外成绩单学历认证
by加拿大圣力嘉学院学位证书快速办理【Q微号:1954 292 140】Seneca毕业证
 
PDF
Computer Networks and Communication.pdf
byAliBilal39
 
PPTX
爱尔兰学历认证查询都柏林圣三一大学毕业证成绩单GPA修改TCDLetter学位证书补办
by澳洲伍伦贡大学学位证书快速办理【Q微号:1954 292 140】伍伦贡大学毕业证成绩单
 
PDF
Website Accessibility—Building Inclusive Digital Spaces and Maintaining ADA/W...
byCreative Force Marketing
 
PDF
Advanced Endpoint Protection for Devices
bywaveriserit
 
PDF
SEO Guide Keywords & Link Success to Boost your Website Traffic
byBestdesign2hub
 
DOCX
BeeTV APK Firestick – Stream Movies and TV Shows Free
byAmanda Knudson
 
PPTX
原版一样(LHU毕业证书)英国利物浦希望大学毕业证在线购买学士学位证书学历认证
by澳洲莫纳什大学学位证书快速办理【Q微号:1954 292 140】莫纳什大学毕业证范本制作
 
PPTX
right to access internet government policies.pptx
byaarchigandhi15
 
PDF
ELS-PPT-4-jsobbdxijajejjdjajkkekfkksksks
bymcshanesalicsic143
 
PDF
Secure Access Made Simple with Identity & Access
bywaveriserit
 
Innovative-Digital-Transformation-Software-Solution-LA.pptx.pptx
byjameshammermfm
 
Phishing techiques and its protection while on the internet
byssuserdf4e1d
 
加拿大假毕业证不列颠哥伦比亚大学文凭UBC offer i20在读证明网上可查学历认证
by西班牙马德里自治大学学位证书快速办理【Q微号:1954 292 140】马德里自治大学文凭
 
Reverse Engineering of Security Products : Developing an Advanced Microsoft ...
byDonato Onofri
 
Bài tập các thì tiếng Anh - PREP.VN sưu tầm - tổng hợp-pages-1.pdf
bydothan087
 
Simon Leigh Pure Reputation Views on Why AI Innovation is Worthless Without R...
bySimon Leigh Pure Reputation
 
购买皇后大学毕业证|海牙认证QU成绩单水印学位证范本文凭在读证明可查学历认证
by假成绩单购买拉筹伯大学毕业证【Q微号:1954 292 140】
 
New Microsoft PowerPoint Presentation.pptx
byavi080703
 
Flutter App Development Company in Delhi.pdf
byMobile App Development Company Delhi
 
澳洲学位证(UNE毕业证书)新英格兰大学毕业证书如何办理国外成绩单学历认证
by加拿大圣力嘉学院学位证书快速办理【Q微号:1954 292 140】Seneca毕业证
 
Computer Networks and Communication.pdf
byAliBilal39
 
爱尔兰学历认证查询都柏林圣三一大学毕业证成绩单GPA修改TCDLetter学位证书补办
by澳洲伍伦贡大学学位证书快速办理【Q微号:1954 292 140】伍伦贡大学毕业证成绩单
 
Website Accessibility—Building Inclusive Digital Spaces and Maintaining ADA/W...
byCreative Force Marketing
 
Advanced Endpoint Protection for Devices
bywaveriserit
 
SEO Guide Keywords & Link Success to Boost your Website Traffic
byBestdesign2hub
 
BeeTV APK Firestick – Stream Movies and TV Shows Free
byAmanda Knudson
 
原版一样(LHU毕业证书)英国利物浦希望大学毕业证在线购买学士学位证书学历认证
by澳洲莫纳什大学学位证书快速办理【Q微号:1954 292 140】莫纳什大学毕业证范本制作
 
right to access internet government policies.pptx
byaarchigandhi15
 
ELS-PPT-4-jsobbdxijajejjdjajkkekfkksksks
bymcshanesalicsic143
 
Secure Access Made Simple with Identity & Access
bywaveriserit
 

Modern authentication solutions in Angular 2 with OAuth 2.0 and OpenId Connect

  • 1.
    1 Modern authentication solutionswith OAuth 2.0, OpenId Connect and Angular Manfred Steyer ManfredSteyer About me …  Manfred Steyer  SOFTWAREarchitekt.at  Trainer & Consultant  Focus: Angular Page  3 Manfred Steyer
  • 2.
    2 Contents Motivation Overview of OAuth2.0 Overview of OpenId Connect DEMO Guards in the newest new Router DEMO Folie 6 MOTIVATION Page  7
  • 3.
    3 One User -(too) many User-Accounts Folie 8 One Client - (too) many User-Accounts Folie 9
  • 4.
    4 OVERVIEW OF OAUTH2.0 Page  10 What is OAuth? Developed at Twitter and Ma.gnolia Standard for the delegation of (restricted) rights Used by companies like Google, Facebook, Flickr, Microsoft, Salesforce.com and Yahoo! Folie 11
  • 5.
  • 6.
    6 High-Level-View Folie 14 Client Authorization-Server Resource-Server 1. Redirection 2.Redirection 3. Access-Token Details depend on flow Central User-Accounts Only Auth-Server gets pwd. Access-Token Auth is decoupled Token: Flexibility No Cookie: No CSRF AUTHENTICATION Page  39
  • 7.
    7 OpenId Connect (OIDC) Extensionof OAuth 2.0 Defines how to use OAuth 2.0 for Authentication Defines how to query User Profile Client also gets ID-Token  JWT-Token with information about user  Can be signed by the issuer Shuts down some security holes Folie 45 OIDC Folie 46 Authorization-Server Client 1 Service 1 Access-Token ID-Token /service-url + Access-Token
  • 8.
    8 DEMO Page  50 PROTECTINGROUTES WITH GUARDS Page  52
  • 9.
    9 What are Guards? Services Canget other services via DI Router triggers Guards before activating/ deactivating Components Can prevent activation/ deactivation Page  53 Guards CanActivate canActivate CanDeactivate<T> canDeactivate Result: boolean | Observable<boolean>
  • 10.
    10 Configuring Guards Page 55 const APP_ROUTES: RouterConfig = [ { path: '/flug-buchen', component: FlugBuchenComponent, canActivate: [AuthGuard], children: [ { path: 'flug-edit/:id', component: FlugEditComponent, canDeactivate: [FlightEditGuard] }, […] ] ] Token Provider for Guards Page  56 export const APP_ROUTER_PROVIDER = [ provideRouter(APP_ROUTES), { provide: FlightEditGuard, useClass: FlightEditGuard }, { provide: AuthGuard, useClass: AuthGuard } ];
  • 11.
    11 Provider for Guards Page 57 export const APP_ROUTER_PROVIDER = [ provideRouter(APP_ROUTES), FlightEditGuard, AuthGuard ]; DEMO Page  58
  • 12.
    12 Conclusion OAuth 2.0: Delegatingrights Implicit Grant for SPA OpenId Connect: Authentication with OAuth 2.0 Central User-Accounts Only Auth-Server gets password Folie 59 manfred.steyer@softwarearchitekt.at ManfredSteyer www.softwarearchitekt.at Contact