A 7 minute guide to SESSIONS and COOKIES for authentication in Angular


If we want our applications to be secure then we need to make sure our backend is secure. Before we send any data to a user, we want to make sure that they are authorised to receive that data. Sessions and cookies are a great way to facilitate this and have been the backbone of many authentication approaches for a long time.

NOTE: Do not use this in production, it is not secure

0:00 Introduction
1:11 Route guards are not secure
2:17 Securing backend endpoints
3:00 Implementing sessions
3:37 Handling logins
4:24 Creating a session cookie
5:35 Configuring Angular to send cookies

#angular #golang #authentication

Comments

Finally someone spoke on this taboo project. Much appreciated

yousafraza

Ey, you made this video just in time for me.

TayambaMwanza

Great video! We are using keycloak in our project so I was pretty familiar with the concepts used here. Even though no one should implement this stuff themselves, it's still good to know the basics of it.

Karamuto

Just an FYI, I had just spent a good chunk of time at work moving our sessions to cookies... only to have to trash it all.. since part of our application is served up inside an iframe on various client sites. You're kinda hosed if you need a persistent session from within an iframe and you're using cookies. Chrome's gonna kill 3rd party cookies and safari already did. There are "fixes" (CHIPS etc)... but none of their fixes will allow you to create an actual persistent session for your iframed domain.

nathanalberg

One thing I would like to add in case someone is confused, the "withCredentials" option won't allow angular (or any other JS) to read httpOnly cookies, it only instructs the browser to send the cookie values in the request.

johalternate

Great video, and having worked in tech risk in a regulated corporate setting, I can say that not many vendors know about this. Will be great if you can expand on design principles to mitigate other OWASP vulnerabilities, this of course being one of them.

rembautimes

More on resolvers, SSR... may need Analog or NestJS for endpoints

jonathangamble

I would like to see a video about your folder structure for "bigger" Angular projects, I'm never satisfied with mine :P

dotnetapp

Thanks for the great video! I'm also looking into cookie/session-based auth for an Angular app. I know the point of this video was how auth should work outside of a route guard, but how *do* we create an effective route guard for cookie/session-based auth?

Simply checking for the existence of a session cookie isn't 100% sufficient because that session could be expired. It seems that the only way for the client to know if a session is valid is through trial and error. For example, if we have a session cookie, but the session is expired, our app might still assume the user is logged in, so it tries to make an API call. An HttpInterceptor could then catch the 401 response, set the auth state to 'unauthenticated' and redirect back to '/login'.

Am I missing anything? Is there a simpler way to handle this other than the "trial and error" approach outlined above?

colinwilliams

If you need to retrieve the user information after a successful login, how would you chain the request to react to the "authenticated" status? Is it ok to put it inside the effect function?

rafaelcevallosdelamora

I'd like to ask, why aren't you using angular-auth-oidc-client or openid-client packages that are made to do authentication to backend?

CarltonLeatch

Now this solution is vulnerable to CSRF attack.

md.redwanhossain

I guess this applies to access tokens as well

tangocukedi