Securing Angular Apps with OpenID Connect and OAuth 2

By Brian Noyes
OpenID Connect and OAuth 2 allow your apps to use modern security protocols and to participate in a Single Sign-on (SSO) experience across multiple apps. This course will show you how to authenticate users and authorize access in your Angular apps.
Play course overview
Course info
Rating
(160)
Level
Intermediate
Updated
Oct 29, 2019
Duration
3h 10m
Table of contents
Course Overview
Course Overview 1m
Angular App Security Big Picture
Security Design Considerations 6m Identity Provider Options 5m Client Library Options 2m A Tour through the Demo Application 4m Authentication and Authorization 4m OpenID Connect and OAuth 2 Protocols 2m Introduction 4m Angular App Security Architecture 2m Terminology 3m Client vs. Server Security 2m
Authenticating with OpenID Connect
Choosing Your OpenID Connect Protocol Flow 6m Adding the Post-login Callback Page 4m Introduction 2m Handling Login Status and Logging Out 4m Configuring oidc-client to Connect to Your STS 7m A Word About User Registration 1m Getting the Client Code Running on Your Machine 2m A Word About oidc-client Library 3m Logging into the STS 6m Choosing OpenID Connect 2m Inspecting the JWT Tokens 3m Getting the Server-side Code Running on Your Machine 4m Adding Login to the App 5m Summary 2m Adding oidc-client and an Auth Service Component 2m Debugging Client Configuration Errors 3m A Quick Review of the Client Functionality 2m Understanding OpenID Connect JWT Tokens 2m Using Authorization Code Flow with PKCE 3m
Connecting to a Different OpenID Connect Provider
Summary 2m Changing the Client Configuration to Connect with Auth0 3m Introduction 1m Resolving Differences in STS Configuration 6m Integrating with Other OIDC Providers 1m Configuring Client Apps, APIs, and Users in Auth0 4m
Authorizing Calls to Your Backend APIs with OAuth 2
Introduction 2m Requiring Consent 2m Using Role or Custom Claims for Filtering and Access Control 4m Requiring Authentication at the API Server 7m Understanding OAuth 2 Tokens 3m Passing Access Tokens in API Calls Manually 3m Filtering Data Based on Claims 4m Summary 1m OAuth 2 Terminology/Roles 1m Using an Authentication Interceptor to Pass Tokens 7m Enforcing Access Control Based on Claims 4m Handling Authorization Errors in the Client App 3m OAuth 2 Grant Types 2m
Enhancing the Security User Experience
Single Sign-on from Another Client App 2m Revisiting Token Management 7m Providing a Security Context to the Client 4m Introduction 2m Managing User Experience Based on the Security Context 3m Preventing Unauthorized Access to Views with Route Guards 2m Summary 2m Token Expiration Review 3m Enabling Silent Renew of Access Tokens 8m
Description
Course info
Rating
(160)
Level
Intermediate
Updated
Oct 29, 2019
Duration
3h 10m
Description

Securing your Angular apps with modern, interoperable security protocols helps you ensure your apps are secure, and that they can participate in a Single Sign-on (SSO) experience across multiple apps that use the same identity provider. In this course, Securing Angular Apps with OpenID and OAuth 2, you will learn how to apply the OpenID Connect and OAuth 2 protocols to authenticate users and authorize their access to functionality and data in your apps. First, you will explore the security fundamentals and concepts you need to be aware of for Angular apps. Next, you will discover how to connect to your OpenID Connect identity provider for authentication. Lastly, you will successfully use and manage your OAuth 2 access tokens for authorization. When you are finished with this course, you will have a solid foundation for building your Angular apps with robust security and done in a way that lets you integrate with any OpenID Connect and OAuth 2 identity provider.

About the author
Brian Noyes
About the author

Brian Noyes is CTO and Architect at Solliance, an expert technology solutions development company. Brian is a Microsoft Regional Director and MVP, and specializes in rich client technologies including XAML and HTML 5, as well as building the services that back them with WCF and ASP.NET Web API.

More from the author
WPF MVVM in Depth
Intermediate
2h 56m
Feb 28, 2020
Building Data Centric Apps with Angular and BreezeJS
Intermediate
4h 32m
Jun 20, 2017
More courses by Brian Noyes
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
[Autogenerated] this'd Brian noise and welcome to my course, securing angular apse with open eye D connect. And a lot, too. I'm a software architect with over 20 years experience and have been working with angular and other single page application frameworks for over five years. I've seen many approaches to security, some good and some really bad. It's never been more important to make sure the apse you build and the data they manage our secure than it is today. There's also a growing expectation from users that APS will participate in a single sign on experience for the user so they don't have to remember and use separate accounts for every app they work with. In this course, I'll show you how you can use open I D connect and a lot to protocols to secure your angular APS with the most modern interoperable, standardized and secure protocols and ones that allow you're apt to be part of a single sign on ecosystem of APS. For your users, you'll see howto handle the authentication process, getting your users logged in and authorization or access control to make sure users can on Lee see and do what they're supposed to within your app and the back and AP eyes that you're apt talks to. I'm really looking forward to showing you how easy it can be to do the right thing with security in your angular APS.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT