SlideShare a Scribd company logo

Angular - Chapter 9 - Authentication and Authorization

WebStackAcademy
WebStackAcademy

This document provides an introduction to authentication and authorization in Angular applications. It discusses authentication as validating users through credentials like username and password, while authorization controls user access permissions. JSON web tokens (JWTs) are then introduced as a way to securely transmit information to authenticate users between the client and server. The structure and usage of JWTs is explained, including how the header, payload, and signature parts work with base64 encoding and HMAC algorithms. Finally, local storage methods for storing user data in the browser are reviewed.

Technology
1 of 19
Download to read offline
www.webstackacademy.com Authentication and Authorization Angular
www.webstackacademy.comwww.webstackacademy.com Introduction (Security Foundations)
www.webstackacademy.com Introduction • Authentication is the process of validating a user on the credentials (username and password) and provide access to the web application(ex: Email) • Authorization helps you to control access rights by granting or denying specific permissions to an authenticated user (Ex: User / Manager / Admin). • Authorization is applied after the user is authenticated. Typically users are assigned with rights / permissions based on which appropriate section(s) are loaded in the web application • The user interacts with the server on Authorized sections of the application which results in data exchange. In order to protect security and integrity of data other security components (ex: Encryption) comes into picture
www.webstackacademy.com Introduction • Security is an inherent and critical feature of a web application. With rich data available in the web server, any compromise results in bigger issues in socio / political ecosystem • There are many algorithms, standards and tools in security which is quite vast in nature • Our idea is to understand security from Angular Authentication and Authorization perspective by practically implementing them in front-end web applications • We will enhance our understanding of Routes (previous chapter) and display / hide certain components based on the user authorization
www.webstackacademy.com JSON Web Tokens (JWT) • JSON Web Token (JWT) is an open standard defined in RFC 7519. • It is a compact and self-contained way for securely transmitting information between parties (ex: Web client and server) as a JSON object. • This information can be verified and trusted because it is digitally signed. • JWTs are signed using a secret (ex: HMAC algorithm) which is only known to client & server • The signed token ensures the data integrity and security
www.webstackacademy.com JSON Web Tokens (JWT) – In Action..
www.webstackacademy.com JSON Web Tokens (JWT) – Usage • JWTs are used in web based authorization once the user is successfully authenticated with valid username & password. • Each transaction between the client after authorization are done in a secure manner as the data is encrypted.
www.webstackacademy.com JSON Web Tokens (JWT) – Structure • JWT has three parts that are separated by a (.) character • Header, Payload and Signature (ex: xxxx.yyyy.zzzz) • Each of them have a unique meaning and significance • An example JWT will look as follows
www.webstackacademy.com JWT - Structure • Part-I (Header): Typically consists of two parts: • Type of the token (ex: jwt) • Hashing algorithm used (ex: HMAC SHA256) • Part-II (Payload): It contains claims. Claims are statements about an entity (typically, the user) and additional data. • Both Header & Payload are encoded using base64 encoding and made as a first and second part of the JWT { "alg": "HS256", "typ": "JWT" } { "sub": "1234567890", "name": "WSA", "admin": true }
www.webstackacademy.com JWT - Structure • Part-III (Signature): The signature is nothing but a hash algorithm applied on header and payload • To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that. • For example if you want to use the HMAC SHA256 algorithm, the signature will be created in the following way: HMACSHA256 (base64(header) + "." + base64(payload), secret) • The output is three Base64 encoded strings separated by dots that can be easily passed in HTML and HTTP environments
www.webstackacademy.com What is base64 Encoding? – A brief • Base64 converts a string of bytes into a string of ASCII characters so that they can be safely transmitted within HTTP. • When encoding, Base64 will divide the string of bytes into groups of 6 bits and each group will map to one of 64 characters. • In case the input is not clearly divisible in 6 bits, additional zeros are added for padding • Similar to ASCII table a mapping table is maintained
www.webstackacademy.com What is HMAC SHA? – A brief • HMAC (Hash Message Authentication Code) - SHA (Secure Hash Algorithm) is a specific type of message authentication code (MAC) • It involves a cryptographic hash function and a secret cryptographic key. The key size can vary (ex: SHA 256) • The secret key is known only to the sender and the receiver • By applying hashing it generates what is known as signature of the given plain text. It can be used for validating the integrity of the message.
www.webstackacademy.com Exercise • JWT Debugger tool: • It is used to generate JWT, let us do some hands-on • Goto https://jwt.io/#debugger and try out by generating some JWT • Base64 Encoding tool: • It is used to check base64 encoding, let us do some hands-on • Goto: https://www.base64decode.org and try out some encoding
www.webstackacademy.comwww.webstackacademy.com Local Storage (Storing user data in the browser)
www.webstackacademy.com What is Local Storage? • The Local storage allow to save key/value pairs in a web browser. • The Local storage data will persist after the browser window is closed. • The local storage property is read-only. • Previously, cookies were used for storing such key value pairs. • Local storage has a significantly higher storage limit (5MB vs 4KB), better for storing client specific information
www.webstackacademy.com Local storage methods Local storage supports a set of methods for dealing with the data Method Description setItem() Add key and value to local storage getItem() Retrieve a value by the key removeItem() Remove an item by key clear() Clear all storage
www.webstackacademy.com Local storage methods usage localStorage.setItem('key', 'value'); localStorage.getItem('key'); localStorage.removeItem('key'); localStorage.clear();
www.webstackacademy.comwww.webstackacademy.com Starter Code (A Brief about given code to get started with A & A)
www.webstackacademy.com WebStack Academy #83, Farah Towers, 1st Floor, MG Road, Bangalore – 560001 M: +91-809 555 7332 E: training@webstackacademy.com WSA in Social Media:

Recommended

Angular Directives
Angular DirectivesAngular Directives
Angular Directives
iFour Technolab Pvt. Ltd.
 
Routing & Navigating Pages in Angular 2
Routing & Navigating Pages in Angular 2Routing & Navigating Pages in Angular 2
Routing & Navigating Pages in Angular 2
Knoldus Inc.
 
Angular - Chapter 2 - TypeScript Programming
Angular - Chapter 2 - TypeScript Programming Angular - Chapter 2 - TypeScript Programming
Angular - Chapter 2 - TypeScript Programming
WebStackAcademy
 
Angular Data Binding
Angular Data BindingAngular Data Binding
Angular Data Binding
Jennifer Estrada
 
Demystifying Angular Animations
Demystifying Angular AnimationsDemystifying Angular Animations
Demystifying Angular Animations
Gil Fink
 
Spring Security
Spring SecuritySpring Security
Spring Security
Knoldus Inc.
 
Sharing Data Between Angular Components
Sharing Data Between Angular ComponentsSharing Data Between Angular Components
Sharing Data Between Angular Components
Squash Apps Pvt Ltd
 
jQuery Tutorial For Beginners | Developing User Interface (UI) Using jQuery |...
jQuery Tutorial For Beginners | Developing User Interface (UI) Using jQuery |...jQuery Tutorial For Beginners | Developing User Interface (UI) Using jQuery |...
jQuery Tutorial For Beginners | Developing User Interface (UI) Using jQuery |...
Edureka!
 

Recommended

Angular Directives
Angular DirectivesAngular Directives
Angular Directives
iFour Technolab Pvt. Ltd.
 
Routing & Navigating Pages in Angular 2
Routing & Navigating Pages in Angular 2Routing & Navigating Pages in Angular 2
Routing & Navigating Pages in Angular 2
Knoldus Inc.
 
Angular - Chapter 2 - TypeScript Programming
Angular - Chapter 2 - TypeScript Programming Angular - Chapter 2 - TypeScript Programming
Angular - Chapter 2 - TypeScript Programming
WebStackAcademy
 
Angular Data Binding
Angular Data BindingAngular Data Binding
Angular Data Binding
Jennifer Estrada
 
Demystifying Angular Animations
Demystifying Angular AnimationsDemystifying Angular Animations
Demystifying Angular Animations
Gil Fink
 
Spring Security
Spring SecuritySpring Security
Spring Security
Knoldus Inc.
 
Sharing Data Between Angular Components
Sharing Data Between Angular ComponentsSharing Data Between Angular Components
Sharing Data Between Angular Components
Squash Apps Pvt Ltd
 
jQuery Tutorial For Beginners | Developing User Interface (UI) Using jQuery |...
jQuery Tutorial For Beginners | Developing User Interface (UI) Using jQuery |...jQuery Tutorial For Beginners | Developing User Interface (UI) Using jQuery |...
jQuery Tutorial For Beginners | Developing User Interface (UI) Using jQuery |...
Edureka!
 
Angular - Chapter 4 - Data and Event Handling
Angular - Chapter 4 - Data and Event Handling Angular - Chapter 4 - Data and Event Handling
Angular - Chapter 4 - Data and Event Handling
WebStackAcademy
 
REST APIs with Spring
REST APIs with SpringREST APIs with Spring
REST APIs with Spring
Joshua Long
 
Fundamental JavaScript [UTC, March 2014]
Fundamental JavaScript [UTC, March 2014]Fundamental JavaScript [UTC, March 2014]
Fundamental JavaScript [UTC, March 2014]
Aaron Gustafson
 
Angular 2.0 forms
Angular 2.0 formsAngular 2.0 forms
Angular 2.0 forms
Eyal Vardi
 
Angular 8
Angular 8 Angular 8
Angular 8
Sunil OS
 
Authenticating Angular Apps with JWT
Authenticating Angular Apps with JWTAuthenticating Angular Apps with JWT
Authenticating Angular Apps with JWT
Jennifer Estrada
 
Oops concepts in php
Oops concepts in phpOops concepts in php
Oops concepts in php
CPD INDIA
 
Angular Notes.pdf
Angular Notes.pdfAngular Notes.pdf
Angular Notes.pdf
sagarpal60
 
JavaScript Data Types
JavaScript Data TypesJavaScript Data Types
JavaScript Data Types
Charles Russell
 
JavaScript - Chapter 8 - Objects
JavaScript - Chapter 8 - Objects JavaScript - Chapter 8 - Objects
JavaScript - Chapter 8 - Objects
WebStackAcademy
 
JavaScript - Chapter 4 - Types and Statements
JavaScript - Chapter 4 - Types and Statements JavaScript - Chapter 4 - Types and Statements
JavaScript - Chapter 4 - Types and Statements
WebStackAcademy
 
Javascript Basic
Javascript BasicJavascript Basic
Javascript Basic
Kang-min Liu
 
NestJS
NestJSNestJS
NestJS
Wilson Su
 
Angular directives and pipes
Angular directives and pipesAngular directives and pipes
Angular directives and pipes
Knoldus Inc.
 
JavaScript - Chapter 15 - Debugging Techniques
JavaScript - Chapter 15 - Debugging Techniques JavaScript - Chapter 15 - Debugging Techniques
JavaScript - Chapter 15 - Debugging Techniques
WebStackAcademy
 
Java script errors & exceptions handling
Java script errors & exceptions handlingJava script errors & exceptions handling
Java script errors & exceptions handling
AbhishekMondal42
 
Javascript tutorial
Javascript tutorialJavascript tutorial
Javascript tutorial
Abhishek Kesharwani
 
JAVA SCRIPT
JAVA SCRIPTJAVA SCRIPT
JAVA SCRIPT
Go4Guru
 
Basic JavaScript Tutorial
Basic JavaScript TutorialBasic JavaScript Tutorial
Basic JavaScript Tutorial
DHTMLExtreme
 
LINQ
LINQLINQ
LINQ
Betclic Everest Group Tech Team
 
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
nrvalluri
 
Fundamentals of Web for Non-Developers
Fundamentals of Web for Non-DevelopersFundamentals of Web for Non-Developers
Fundamentals of Web for Non-Developers
Lemi Orhan Ergin
 

More Related Content

What's hot

JavaScript - Chapter 15 - Debugging Techniques
JavaScript - Chapter 15 - Debugging Techniques JavaScript - Chapter 15 - Debugging Techniques
JavaScript - Chapter 15 - Debugging Techniques
WebStackAcademy
 
Basic JavaScript Tutorial
Basic JavaScript TutorialBasic JavaScript Tutorial
Basic JavaScript Tutorial
DHTMLExtreme
 

What's hot (20)

Angular - Chapter 4 - Data and Event Handling
Angular - Chapter 4 - Data and Event Handling Angular - Chapter 4 - Data and Event Handling
Angular - Chapter 4 - Data and Event Handling
 
REST APIs with Spring
REST APIs with SpringREST APIs with Spring
REST APIs with Spring
 
Fundamental JavaScript [UTC, March 2014]
Fundamental JavaScript [UTC, March 2014]Fundamental JavaScript [UTC, March 2014]
Fundamental JavaScript [UTC, March 2014]
 
Angular 2.0 forms
Angular 2.0 formsAngular 2.0 forms
Angular 2.0 forms
 
Angular 8
Angular 8 Angular 8
Angular 8
 
Authenticating Angular Apps with JWT
Authenticating Angular Apps with JWTAuthenticating Angular Apps with JWT
Authenticating Angular Apps with JWT
 
Oops concepts in php
Oops concepts in phpOops concepts in php
Oops concepts in php
 
Angular Notes.pdf
Angular Notes.pdfAngular Notes.pdf
Angular Notes.pdf
 
JavaScript Data Types
JavaScript Data TypesJavaScript Data Types
JavaScript Data Types
 
JavaScript - Chapter 8 - Objects
JavaScript - Chapter 8 - Objects JavaScript - Chapter 8 - Objects
JavaScript - Chapter 8 - Objects
 
JavaScript - Chapter 4 - Types and Statements
JavaScript - Chapter 4 - Types and Statements JavaScript - Chapter 4 - Types and Statements
JavaScript - Chapter 4 - Types and Statements
 
Javascript Basic
Javascript BasicJavascript Basic
Javascript Basic
 
NestJS
NestJSNestJS
NestJS
 
Angular directives and pipes
Angular directives and pipesAngular directives and pipes
Angular directives and pipes
 
JavaScript - Chapter 15 - Debugging Techniques
JavaScript - Chapter 15 - Debugging Techniques JavaScript - Chapter 15 - Debugging Techniques
JavaScript - Chapter 15 - Debugging Techniques
 
Java script errors & exceptions handling
Java script errors & exceptions handlingJava script errors & exceptions handling
Java script errors & exceptions handling
 
Javascript tutorial
Javascript tutorialJavascript tutorial
Javascript tutorial
 
JAVA SCRIPT
JAVA SCRIPTJAVA SCRIPT
JAVA SCRIPT
 
Basic JavaScript Tutorial
Basic JavaScript TutorialBasic JavaScript Tutorial
Basic JavaScript Tutorial
 
LINQ
LINQLINQ
LINQ
 

Similar to Angular - Chapter 9 - Authentication and Authorization

Securing Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based AuthenticationSecuring Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based Authentication
Stefan Achtsnit
 
The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)
Channy Yun
 
Www architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protectionWww architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protection
Austina Francis
 
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
Amazon Web Services
 

Similar to Angular - Chapter 9 - Authentication and Authorization (20)

446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
 
Fundamentals of Web for Non-Developers
Fundamentals of Web for Non-DevelopersFundamentals of Web for Non-Developers
Fundamentals of Web for Non-Developers
 
Securing Web Applications with Token Authentication
Securing Web Applications with Token AuthenticationSecuring Web Applications with Token Authentication
Securing Web Applications with Token Authentication
 
blockchain class 3.pdf
blockchain class 3.pdfblockchain class 3.pdf
blockchain class 3.pdf
 
Angular - Chapter 7 - HTTP Services
Angular - Chapter 7 - HTTP ServicesAngular - Chapter 7 - HTTP Services
Angular - Chapter 7 - HTTP Services
 
Blockchain on AWS
Blockchain on AWSBlockchain on AWS
Blockchain on AWS
 
Securing Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based AuthenticationSecuring Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based Authentication
 
Evolution Of The Web Platform & Browser Security
Evolution Of The Web Platform & Browser SecurityEvolution Of The Web Platform & Browser Security
Evolution Of The Web Platform & Browser Security
 
Training Webinar: Enterprise application performance with server push technol...
Training Webinar: Enterprise application performance with server push technol...Training Webinar: Enterprise application performance with server push technol...
Training Webinar: Enterprise application performance with server push technol...
 
Basics of the Web Platform
Basics of the Web PlatformBasics of the Web Platform
Basics of the Web Platform
 
Technical considerations for Blockchain networks with AWS
Technical considerations for Blockchain networks with AWSTechnical considerations for Blockchain networks with AWS
Technical considerations for Blockchain networks with AWS
 
The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)
 
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
 
Www architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protectionWww architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protection
 
Building Secure User Interfaces With JWTs (JSON Web Tokens)
Building Secure User Interfaces With JWTs (JSON Web Tokens)Building Secure User Interfaces With JWTs (JSON Web Tokens)
Building Secure User Interfaces With JWTs (JSON Web Tokens)
 
526_topic08.ppt
526_topic08.ppt526_topic08.ppt
526_topic08.ppt
 
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsBuilding Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTs
 
Chapter 2.pptx
Chapter 2.pptxChapter 2.pptx
Chapter 2.pptx
 
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
 
Null talk
Null talkNull talk
Null talk
 

More from WebStackAcademy

WSA: Scaling Web Service to Handle Millions of Requests per Second
WSA: Scaling Web Service to Handle Millions of Requests per SecondWSA: Scaling Web Service to Handle Millions of Requests per Second
WSA: Scaling Web Service to Handle Millions of Requests per Second
WebStackAcademy
 
Career Building in AI - Technologies, Trends and Opportunities
Career Building in AI - Technologies, Trends and OpportunitiesCareer Building in AI - Technologies, Trends and Opportunities
Career Building in AI - Technologies, Trends and Opportunities
WebStackAcademy
 
JavaScript - Chapter 14 - Form Handling
JavaScript - Chapter 14 - Form Handling JavaScript - Chapter 14 - Form Handling
JavaScript - Chapter 14 - Form Handling
WebStackAcademy
 
JavaScript - Chapter 12 - Document Object Model
JavaScript - Chapter 12 - Document Object Model JavaScript - Chapter 12 - Document Object Model
JavaScript - Chapter 12 - Document Object Model
WebStackAcademy
 
JavaScript - Chapter 9 - TypeConversion and Regular Expressions
JavaScript - Chapter 9 - TypeConversion and Regular Expressions JavaScript - Chapter 9 - TypeConversion and Regular Expressions
JavaScript - Chapter 9 - TypeConversion and Regular Expressions
WebStackAcademy
 
JavaScript - Chapter 5 - Operators
JavaScript - Chapter 5 - Operators JavaScript - Chapter 5 - Operators
JavaScript - Chapter 5 - Operators
WebStackAcademy
 

More from WebStackAcademy (20)

Webstack Academy - Course Demo Webinar and Placement Journey
Webstack Academy - Course Demo Webinar and Placement JourneyWebstack Academy - Course Demo Webinar and Placement Journey
Webstack Academy - Course Demo Webinar and Placement Journey
 
WSA: Scaling Web Service to Handle Millions of Requests per Second
WSA: Scaling Web Service to Handle Millions of Requests per SecondWSA: Scaling Web Service to Handle Millions of Requests per Second
WSA: Scaling Web Service to Handle Millions of Requests per Second
 
WSA: Course Demo Webinar - Full Stack Developer Course
WSA: Course Demo Webinar - Full Stack Developer CourseWSA: Course Demo Webinar - Full Stack Developer Course
WSA: Course Demo Webinar - Full Stack Developer Course
 
Career Building in AI - Technologies, Trends and Opportunities
Career Building in AI - Technologies, Trends and OpportunitiesCareer Building in AI - Technologies, Trends and Opportunities
Career Building in AI - Technologies, Trends and Opportunities
 
Webstack Academy - Internship Kick Off
Webstack Academy - Internship Kick OffWebstack Academy - Internship Kick Off
Webstack Academy - Internship Kick Off
 
Building Your Online Portfolio
Building Your Online PortfolioBuilding Your Online Portfolio
Building Your Online Portfolio
 
Front-End Developer's Career Roadmap
Front-End Developer's Career RoadmapFront-End Developer's Career Roadmap
Front-End Developer's Career Roadmap
 
Angular - Chapter 6 - Firebase Integration
Angular - Chapter 6 - Firebase IntegrationAngular - Chapter 6 - Firebase Integration
Angular - Chapter 6 - Firebase Integration
 
Angular - Chapter 5 - Directives
Angular - Chapter 5 - Directives Angular - Chapter 5 - Directives
Angular - Chapter 5 - Directives
 
Angular - Chapter 3 - Components
Angular - Chapter 3 - ComponentsAngular - Chapter 3 - Components
Angular - Chapter 3 - Components
 
Angular - Chapter 1 - Introduction
Angular - Chapter 1 - Introduction Angular - Chapter 1 - Introduction
Angular - Chapter 1 - Introduction
 
JavaScript - Chapter 10 - Strings and Arrays
JavaScript - Chapter 10 - Strings and Arrays JavaScript - Chapter 10 - Strings and Arrays
JavaScript - Chapter 10 - Strings and Arrays
 
JavaScript - Chapter 14 - Form Handling
JavaScript - Chapter 14 - Form Handling JavaScript - Chapter 14 - Form Handling
JavaScript - Chapter 14 - Form Handling
 
JavaScript - Chapter 13 - Browser Object Model(BOM)
JavaScript - Chapter 13 - Browser Object Model(BOM)JavaScript - Chapter 13 - Browser Object Model(BOM)
JavaScript - Chapter 13 - Browser Object Model(BOM)
 
JavaScript - Chapter 12 - Document Object Model
JavaScript - Chapter 12 - Document Object Model JavaScript - Chapter 12 - Document Object Model
JavaScript - Chapter 12 - Document Object Model
 
JavaScript - Chapter 11 - Events
JavaScript - Chapter 11 - Events JavaScript - Chapter 11 - Events
JavaScript - Chapter 11 - Events
 
JavaScript - Chapter 9 - TypeConversion and Regular Expressions
JavaScript - Chapter 9 - TypeConversion and Regular Expressions JavaScript - Chapter 9 - TypeConversion and Regular Expressions
JavaScript - Chapter 9 - TypeConversion and Regular Expressions
 
JavaScript - Chapter 7 - Advanced Functions
JavaScript - Chapter 7 - Advanced Functions JavaScript - Chapter 7 - Advanced Functions
JavaScript - Chapter 7 - Advanced Functions
 
JavaScript - Chapter 6 - Basic Functions
JavaScript - Chapter 6 - Basic Functions JavaScript - Chapter 6 - Basic Functions
JavaScript - Chapter 6 - Basic Functions
 
JavaScript - Chapter 5 - Operators
JavaScript - Chapter 5 - Operators JavaScript - Chapter 5 - Operators
JavaScript - Chapter 5 - Operators
 

Recently uploaded

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Angular - Chapter 9 - Authentication and Authorization

  • 3. www.webstackacademy.com Introduction • Authentication is the process of validating a user on the credentials (username and password) and provide access to the web application(ex: Email) • Authorization helps you to control access rights by granting or denying specific permissions to an authenticated user (Ex: User / Manager / Admin). • Authorization is applied after the user is authenticated. Typically users are assigned with rights / permissions based on which appropriate section(s) are loaded in the web application • The user interacts with the server on Authorized sections of the application which results in data exchange. In order to protect security and integrity of data other security components (ex: Encryption) comes into picture
  • 4. www.webstackacademy.com Introduction • Security is an inherent and critical feature of a web application. With rich data available in the web server, any compromise results in bigger issues in socio / political ecosystem • There are many algorithms, standards and tools in security which is quite vast in nature • Our idea is to understand security from Angular Authentication and Authorization perspective by practically implementing them in front-end web applications • We will enhance our understanding of Routes (previous chapter) and display / hide certain components based on the user authorization
  • 5. www.webstackacademy.com JSON Web Tokens (JWT) • JSON Web Token (JWT) is an open standard defined in RFC 7519. • It is a compact and self-contained way for securely transmitting information between parties (ex: Web client and server) as a JSON object. • This information can be verified and trusted because it is digitally signed. • JWTs are signed using a secret (ex: HMAC algorithm) which is only known to client & server • The signed token ensures the data integrity and security
  • 7. www.webstackacademy.com JSON Web Tokens (JWT) – Usage • JWTs are used in web based authorization once the user is successfully authenticated with valid username & password. • Each transaction between the client after authorization are done in a secure manner as the data is encrypted.
  • 8. www.webstackacademy.com JSON Web Tokens (JWT) – Structure • JWT has three parts that are separated by a (.) character • Header, Payload and Signature (ex: xxxx.yyyy.zzzz) • Each of them have a unique meaning and significance • An example JWT will look as follows
  • 9. www.webstackacademy.com JWT - Structure • Part-I (Header): Typically consists of two parts: • Type of the token (ex: jwt) • Hashing algorithm used (ex: HMAC SHA256) • Part-II (Payload): It contains claims. Claims are statements about an entity (typically, the user) and additional data. • Both Header & Payload are encoded using base64 encoding and made as a first and second part of the JWT { "alg": "HS256", "typ": "JWT" } { "sub": "1234567890", "name": "WSA", "admin": true }
  • 10. www.webstackacademy.com JWT - Structure • Part-III (Signature): The signature is nothing but a hash algorithm applied on header and payload • To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that. • For example if you want to use the HMAC SHA256 algorithm, the signature will be created in the following way: HMACSHA256 (base64(header) + "." + base64(payload), secret) • The output is three Base64 encoded strings separated by dots that can be easily passed in HTML and HTTP environments
  • 11. www.webstackacademy.com What is base64 Encoding? – A brief • Base64 converts a string of bytes into a string of ASCII characters so that they can be safely transmitted within HTTP. • When encoding, Base64 will divide the string of bytes into groups of 6 bits and each group will map to one of 64 characters. • In case the input is not clearly divisible in 6 bits, additional zeros are added for padding • Similar to ASCII table a mapping table is maintained
  • 12. www.webstackacademy.com What is HMAC SHA? – A brief • HMAC (Hash Message Authentication Code) - SHA (Secure Hash Algorithm) is a specific type of message authentication code (MAC) • It involves a cryptographic hash function and a secret cryptographic key. The key size can vary (ex: SHA 256) • The secret key is known only to the sender and the receiver • By applying hashing it generates what is known as signature of the given plain text. It can be used for validating the integrity of the message.
  • 13. www.webstackacademy.com Exercise • JWT Debugger tool: • It is used to generate JWT, let us do some hands-on • Goto https://jwt.io/#debugger and try out by generating some JWT • Base64 Encoding tool: • It is used to check base64 encoding, let us do some hands-on • Goto: https://www.base64decode.org and try out some encoding
  • 15. www.webstackacademy.com What is Local Storage? • The Local storage allow to save key/value pairs in a web browser. • The Local storage data will persist after the browser window is closed. • The local storage property is read-only. • Previously, cookies were used for storing such key value pairs. • Local storage has a significantly higher storage limit (5MB vs 4KB), better for storing client specific information
  • 16. www.webstackacademy.com Local storage methods Local storage supports a set of methods for dealing with the data Method Description setItem() Add key and value to local storage getItem() Retrieve a value by the key removeItem() Remove an item by key clear() Clear all storage
  • 17. www.webstackacademy.com Local storage methods usage localStorage.setItem('key', 'value'); localStorage.getItem('key'); localStorage.removeItem('key'); localStorage.clear();
  • 18. www.webstackacademy.comwww.webstackacademy.com Starter Code (A Brief about given code to get started with A & A)
  • 19. www.webstackacademy.com WebStack Academy #83, Farah Towers, 1st Floor, MG Road, Bangalore – 560001 M: +91-809 555 7332 E: training@webstackacademy.com WSA in Social Media: