Securing Angular Apps with OpenID Connect and OAuth 2
OpenID Connect and OAuth 2 allow your apps to use modern security protocols and to participate in a Single Sign-on (SSO) experience across multiple apps. This course will show you how to authenticate users and authorize access in your Angular apps.
What you'll learn
Securing your Angular apps with modern, interoperable security protocols helps you ensure your apps are secure, and that they can participate in a Single Sign-on (SSO) experience across multiple apps that use the same identity provider. In this course, Securing Angular Apps with OpenID and OAuth 2, you will learn how to apply the OpenID Connect and OAuth 2 protocols to authenticate users and authorize their access to functionality and data in your apps. First, you will explore the security fundamentals and concepts you need to be aware of for Angular apps. Next, you will discover how to connect to your OpenID Connect identity provider for authentication. Lastly, you will successfully use and manage your OAuth 2 access tokens for authorization. When you are finished with this course, you will have a solid foundation for building your Angular apps with robust security, in a way that lets you integrate with any OpenID Connect and OAuth 2 identity provider.
Table of contents
- Introduction 4m
- Security Design Considerations 6m
- Client vs. Server Security 2m
- Angular App Security Architecture 2m
- Authentication and Authorization 4m
- Terminology 3m
- OpenID Connect and OAuth 2 Protocols 2m
- Identity Provider Options 5m
- Client Library Options 2m
- A Tour through the Demo Application 4m
- Introduction 2m
- Choosing OpenID Connect 2m
- Understanding OpenID Connect JWT Tokens 2m
- Choosing Your OpenID Connect Protocol Flow 6m
- Using Authorization Code Flow with PKCE 3m
- A Word About oidc-client Library 3m
- A Quick Review of the Client Functionality 2m
- Getting the Client Code Running on Your Machine 2m
- Getting the Server-side Code Running on Your Machine 4m
- Adding oidc-client and an Auth Service Component 2m
- Configuring oidc-client to Connect to Your STS 7m
- Adding Login to the App 5m
- Logging into the STS 6m
- Adding the Post-login Callback Page 4m
- Handling Login Status and Logging Out 4m
- Debugging Client Configuration Errors 3m
- Inspecting the JWT Tokens 3m
- A Word About User Registration 1m
- Summary 2m
- Introduction 2m
- OAuth 2 Terminology/Roles 1m
- OAuth 2 Grant Types 2m
- Understanding OAuth 2 Tokens 3m
- Requiring Consent 2m
- Requiring Authentication at the API Server 7m
- Passing Access Tokens in API Calls Manually 3m
- Using an Authentication Interceptor to Pass Tokens 7m
- Filtering Data Based on Claims 4m
- Enforcing Access Control Based on Claims 4m
- Handling Authorization Errors in the Client App 3m
- Using Role or Custom Claims for Filtering and Access Control 4m
- Summary 1m
- Introduction 2m
- Revisiting Token Management 7m
- Token Expiration Review 3m
- Enabling Silent Renew of Access Tokens 8m
- Providing a Security Context to the Client 4m
- Managing User Experience Based on the Security Context 3m
- Preventing Unauthorized Access to Views with Route Guards 2m
- Single Sign-on from Another Client App 2m
- Summary 2m