Securing Angular Apps with OpenID Connect and OAuth 2

By Brian Noyes
OpenID Connect and OAuth 2 allow your apps to use modern security protocols and to participate in a Single Sign-on (SSO) experience across multiple apps. This course will show you how to authenticate users and authorize access in your Angular apps.
Play course overview
Course info
Rating
(215)
Level
Intermediate
Updated
Dec 17, 2019
Duration
3h 10m
Table of contents
Course Overview
Course Overview 1m
Angular App Security Big Picture
Introduction 4m Security Design Considerations 6m Client vs. Server Security 2m Angular App Security Architecture 2m Authentication and Authorization 4m Terminology 3m OpenID Connect and OAuth 2 Protocols 2m Identity Provider Options 5m Client Library Options 2m A Tour through the Demo Application 4m
Authenticating with OpenID Connect
Introduction 2m Choosing OpenID Connect 2m Understanding OpenID Connect JWT Tokens 2m Choosing Your OpenID Connect Protocol Flow 6m Using Authorization Code Flow with PKCE 3m A Word About oidc-client Library 3m A Quick Review of the Client Functionality 2m Getting the Client Code Running on Your Machine 2m Getting the Server-side Code Running on Your Machine 4m Adding oidc-client and an Auth Service Component 2m Configuring oidc-client to Connect to Your STS 7m Adding Login to the App 5m Logging into the STS 6m Adding the Post-login Callback Page 4m Handling Login Status and Logging Out 4m Debugging Client Configuration Errors 3m Inspecting the JWT Tokens 3m A Word About User Registration 1m Summary 2m
Connecting to a Different OpenID Connect Provider
Introduction 1m Integrating with Other OIDC Providers 1m Configuring Client Apps, APIs, and Users in Auth0 4m Changing the Client Configuration to Connect with Auth0 3m Resolving Differences in STS Configuration 6m Summary 2m
Authorizing Calls to Your Backend APIs with OAuth 2
Introduction 2m OAuth 2 Terminology/Roles 1m OAuth 2 Grant Types 2m Understanding OAuth 2 Tokens 3m Requiring Consent 2m Requiring Authentication at the API Server 7m Passing Access Tokens in API Calls Manually 3m Using an Authentication Interceptor to Pass Tokens 7m Filtering Data Based on Claims 4m Enforcing Access Control Based on Claims 4m Handling Authorization Errors in the Client App 3m Using Role or Custom Claims for Filtering and Access Control 4m Summary 1m
Enhancing the Security User Experience
Introduction 2m Revisiting Token Management 7m Token Expiration Review 3m Enabling Silent Renew of Access Tokens 8m Providing a Security Context to the Client 4m Managing User Experience Based on the Security Context 3m Preventing Unauthorized Access to Views with Route Guards 2m Single Sign-on from Another Client App 2m Summary 2m
Description
Course info
Rating
(215)
Level
Intermediate
Updated
Dec 17, 2019
Duration
3h 10m
Description

Securing your Angular apps with modern, interoperable security protocols helps you ensure your apps are secure, and that they can participate in a Single Sign-on (SSO) experience across multiple apps that use the same identity provider. In this course, Securing Angular Apps with OpenID and OAuth 2, you will learn how to apply the OpenID Connect and OAuth 2 protocols to authenticate users and authorize their access to functionality and data in your apps. First, you will explore the security fundamentals and concepts you need to be aware of for Angular apps. Next, you will discover how to connect to your OpenID Connect identity provider for authentication. Lastly, you will successfully use and manage your OAuth 2 access tokens for authorization. When you are finished with this course, you will have a solid foundation for building your Angular apps with robust security and done in a way that lets you integrate with any OpenID Connect and OAuth 2 identity provider.

About the author
Brian Noyes
About the author

Brian Noyes is CTO and Architect at Solliance, an expert technology solutions development company. Brian is a Microsoft Regional Director and MVP, and specializes in rich client technologies including XAML and HTML 5, as well as building the services that back them with WCF and ASP.NET Web API.

More from the author
WPF MVVM in Depth
Intermediate
2h 56m
Feb 28, 2020
Building Data Centric Apps with Angular and BreezeJS
Intermediate
4h 32m
Jun 20, 2017
More courses by Brian Noyes
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi, this is Brian Noyes, and welcome to my course, Securing Angular Apps with OpenID Connect and OAuth 2. I'm a software architect with over 20 years experience and have been working with Angular and other single‑page application frameworks for over 5 years. I've seen many approaches to security, some good and some really bad. It's never been more important to make sure the apps you build and the data they manage are securer than it is today. There's also a growing expectation from users that apps will participate in a single sign‑on experience for the user so they don't have to remember and use separate accounts for every app they work with. In this course, I'll show you how you can use OpenID Connect and OAuth 2 protocols to secure your Angular apps with the most modern, interoperable, standardized, and secure protocols, and ones that allow your app to be part of a single sign‑on ecosystem of apps for your users. You'll see how to handle the authentication process, getting your users logged in, and authorization or access control to make sure users can only see and do what they're supposed to within your app and the back‑end APIs that your app talks to. I'm really looking forward to showing you how easy it can be to do the right thing with security in your angular apps.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT