Securing Angular Apps with OpenID Connect and OAuth2

By Brian Noyes
OpenID Connect and OAuth 2 allow your apps to use modern security protocols and to participate in a Single Sign-On (SSO) experience across multiple apps. This course will show you how to authenticate users and authorize access in your Angular apps.
Course info
Level
Intermediate
Updated
Jul 27, 2018
Duration
2h 31m
Table of contents
Angular App Security Big Picture
Introduction 3m Security Design Considerations 6m Client vs. Server Security 2m Angular App Security Architecture 2m Authentication and Authorization 4m Terminology 3m OpenID Connect And OAuth 2 Protocols 2m Identity Provider Options 5m Client Library Options 2m A Tour Through the Demo Application 4m
Authenticating with OpenID Connect
Introduction 1m Why Use OpenID Connect? 2m JWT Tokens and OpenID Connect Flows 3m A Word About the oidc-client Library 3m Getting Started with the App Code 2m Getting the Client App Running 2m Getting the Back End Code Running 4m Adding oidc-client and an Authorization Service 7m Adding Login to the App 6m Adding the Post-login Redirect Page 3m Creating the User Object and Checking Logged In Status 4m Inspecting JWT Tokens 3m Switching to Auth0 and Setting up Tenants, Apps, Users, and APIs 5m Changing the Client Configuration for Auth0 3m Addressing Configuration Differences Between Auth0 and IdentityServer4 3m Summary 9m
Authorizing Calls to Your Backend APIs with OAuth2
Introduction 2m OAuth 2 Terminology/Roles 1m OAuth 2 Grant Types 2m Demo Overview and Current Status 3m Adding Authentication to the API 3m Adding Access Tokens Manually to HTTP Requests 2m Adding Access Tokens Automatically with an HTTP Interceptor 5m Adding Access Tokens Automatically with an HTTP Interceptor 2m Filtering Data in the API Based on Caller Identity 3m Summary 1m Handling Authorization Errors in the Client App 3m OAuth 2 Token Types 3m Adding Access Control Checks Based on Permissions 3m
Enhancing the User Experience with Client Security Context
Introduction 2m Single Sign-On Across Multiple Apps 2m Block Navigation to Unauthorized Routes with Route Guards 2m Summary 2m Silent Renewal of Access Tokens 6m Providing a User Security Context to the Client App 3m Hide, Show, or Disable UI Based on Security Context 3m Enabling Silent Renew in Your Angular App 8m
Course Overview
Course Overview 1m
Description
Course info
Level
Intermediate
Updated
Jul 27, 2018
Duration
2h 31m
Description

Securing your Angular apps with modern, interoperable security protocols helps you ensure your apps are secure, and that they can participate in a Single Sign-On (SSO) experience across multiple apps that use the same identity provider. In this course, Securing Angular Apps with OpenID and OAuth 2, you will learn how to apply the OpenID Connect and OAuth 2 protocols to authenticate users and authorize their access to functionality and data in your apps. First, you will explore the security fundamentals and concepts you need to be aware of for Angular apps. Next, you will discover how to connect to your OpenID Connect identity provider for authentication. Lastly, you will successfully use and manage your OAuth 2 access tokens for authorization. When you are finished with this course, you will have a solid foundation for building your Angular apps with robust security and done in a way that lets you integrate with any OpenID Connect and OAuth 2 identity provider.

About the author
Brian Noyes
About the author

Brian Noyes is CTO and Architect at Solliance, an expert technology solutions development company. Brian is a Microsoft Regional Director and MVP, and specializes in rich client technologies including XAML and HTML 5, as well as building the services that back them with WCF and ASP.NET Web API.

More from the author
Building Data Centric Apps with Angular and BreezeJS
Intermediate
4h 33m
Jun 20, 2017
WPF Productivity Playbook
Intermediate
2h 57m
Aug 22, 2016
More courses by Brian Noyes
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi, this is Brian Noyes, and welcome to my course, Securing Angular Apps with OpenID Connect and OAuth2. I'm a software architect with over 20 years of experience and have been working with Angular and other single-page application frameworks for over 5 years. I've seen many approaches to security, some good and some really bad. It's never been more important to make sure the apps you build and the data they manage are securer than it is today. There's also a growing expectation from users that apps will participate in a single sign-on experience for the user so they don't have to remember and use separate accounts for every app they work with. In this course I'll show you how you can use OpenID Connect and OAuth2 protocols to secure your Angular apps with the most modern, interoperable, standardized, and secure protocols, and ones that allow your app to be part of a single sign-on ecosystem of apps for your users. You'll see how to handle the authentication process, getting your users logged in, and authorization, or access control, to make sure users can only see and do what they're supposed to within your app and the back-end APIs that your app talks to. I'm really looking forward to showing you how easy it can be to do the right thing with security in your Angular apps.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT