SlideShare a Scribd company logo

Angular - Chapter 9 - Authentication and Authorization

WebStackAcademy
WebStackAcademy

This document provides an introduction to authentication and authorization in Angular applications. It discusses authentication as validating users through credentials like username and password, while authorization controls user access permissions. JSON web tokens (JWTs) are then introduced as a way to securely transmit information to authenticate users between the client and server. The structure and usage of JWTs is explained, including how the header, payload, and signature parts work with base64 encoding and HMAC algorithms. Finally, local storage methods for storing user data in the browser are reviewed.

Technology
1 of 19
Download to read offline
www.webstackacademy.com Authentication and Authorization Angular
www.webstackacademy.comwww.webstackacademy.com Introduction (Security Foundations)
www.webstackacademy.com Introduction • Authentication is the process of validating a user on the credentials (username and password) and provide access to the web application(ex: Email) • Authorization helps you to control access rights by granting or denying specific permissions to an authenticated user (Ex: User / Manager / Admin). • Authorization is applied after the user is authenticated. Typically users are assigned with rights / permissions based on which appropriate section(s) are loaded in the web application • The user interacts with the server on Authorized sections of the application which results in data exchange. In order to protect security and integrity of data other security components (ex: Encryption) comes into picture
www.webstackacademy.com Introduction • Security is an inherent and critical feature of a web application. With rich data available in the web server, any compromise results in bigger issues in socio / political ecosystem • There are many algorithms, standards and tools in security which is quite vast in nature • Our idea is to understand security from Angular Authentication and Authorization perspective by practically implementing them in front-end web applications • We will enhance our understanding of Routes (previous chapter) and display / hide certain components based on the user authorization
www.webstackacademy.com JSON Web Tokens (JWT) • JSON Web Token (JWT) is an open standard defined in RFC 7519. • It is a compact and self-contained way for securely transmitting information between parties (ex: Web client and server) as a JSON object. • This information can be verified and trusted because it is digitally signed. • JWTs are signed using a secret (ex: HMAC algorithm) which is only known to client & server • The signed token ensures the data integrity and security
www.webstackacademy.com JSON Web Tokens (JWT) – In Action..
www.webstackacademy.com JSON Web Tokens (JWT) – Usage • JWTs are used in web based authorization once the user is successfully authenticated with valid username & password. • Each transaction between the client after authorization are done in a secure manner as the data is encrypted.
www.webstackacademy.com JSON Web Tokens (JWT) – Structure • JWT has three parts that are separated by a (.) character • Header, Payload and Signature (ex: xxxx.yyyy.zzzz) • Each of them have a unique meaning and significance • An example JWT will look as follows
www.webstackacademy.com JWT - Structure • Part-I (Header): Typically consists of two parts: • Type of the token (ex: jwt) • Hashing algorithm used (ex: HMAC SHA256) • Part-II (Payload): It contains claims. Claims are statements about an entity (typically, the user) and additional data. • Both Header & Payload are encoded using base64 encoding and made as a first and second part of the JWT { "alg": "HS256", "typ": "JWT" } { "sub": "1234567890", "name": "WSA", "admin": true }
www.webstackacademy.com JWT - Structure • Part-III (Signature): The signature is nothing but a hash algorithm applied on header and payload • To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that. • For example if you want to use the HMAC SHA256 algorithm, the signature will be created in the following way: HMACSHA256 (base64(header) + "." + base64(payload), secret) • The output is three Base64 encoded strings separated by dots that can be easily passed in HTML and HTTP environments
www.webstackacademy.com What is base64 Encoding? – A brief • Base64 converts a string of bytes into a string of ASCII characters so that they can be safely transmitted within HTTP. • When encoding, Base64 will divide the string of bytes into groups of 6 bits and each group will map to one of 64 characters. • In case the input is not clearly divisible in 6 bits, additional zeros are added for padding • Similar to ASCII table a mapping table is maintained
www.webstackacademy.com What is HMAC SHA? – A brief • HMAC (Hash Message Authentication Code) - SHA (Secure Hash Algorithm) is a specific type of message authentication code (MAC) • It involves a cryptographic hash function and a secret cryptographic key. The key size can vary (ex: SHA 256) • The secret key is known only to the sender and the receiver • By applying hashing it generates what is known as signature of the given plain text. It can be used for validating the integrity of the message.
www.webstackacademy.com Exercise • JWT Debugger tool: • It is used to generate JWT, let us do some hands-on • Goto https://jwt.io/#debugger and try out by generating some JWT • Base64 Encoding tool: • It is used to check base64 encoding, let us do some hands-on • Goto: https://www.base64decode.org and try out some encoding
www.webstackacademy.comwww.webstackacademy.com Local Storage (Storing user data in the browser)
www.webstackacademy.com What is Local Storage? • The Local storage allow to save key/value pairs in a web browser. • The Local storage data will persist after the browser window is closed. • The local storage property is read-only. • Previously, cookies were used for storing such key value pairs. • Local storage has a significantly higher storage limit (5MB vs 4KB), better for storing client specific information
www.webstackacademy.com Local storage methods Local storage supports a set of methods for dealing with the data Method Description setItem() Add key and value to local storage getItem() Retrieve a value by the key removeItem() Remove an item by key clear() Clear all storage
www.webstackacademy.com Local storage methods usage localStorage.setItem('key', 'value'); localStorage.getItem('key'); localStorage.removeItem('key'); localStorage.clear();
www.webstackacademy.comwww.webstackacademy.com Starter Code (A Brief about given code to get started with A & A)
www.webstackacademy.com WebStack Academy #83, Farah Towers, 1st Floor, MG Road, Bangalore – 560001 M: +91-809 555 7332 E: training@webstackacademy.com WSA in Social Media:

Recommended

Routing & Navigating Pages in Angular 2
Routing & Navigating Pages in Angular 2Routing & Navigating Pages in Angular 2
Routing & Navigating Pages in Angular 2
Knoldus Inc.
 
Angular js routing options
Angular js routing optionsAngular js routing options
Angular js routing options
Nir Kaufman
 
Angularjs PPT
Angularjs PPTAngularjs PPT
Angularjs PPT
Amit Baghel
 
React Router: React Meetup XXL
React Router: React Meetup XXLReact Router: React Meetup XXL
React Router: React Meetup XXL
Rob Gietema
 
Sharing Data Between Angular Components
Sharing Data Between Angular ComponentsSharing Data Between Angular Components
Sharing Data Between Angular Components
Squash Apps Pvt Ltd
 
Angular - Chapter 7 - HTTP Services
Angular - Chapter 7 - HTTP ServicesAngular - Chapter 7 - HTTP Services
Angular - Chapter 7 - HTTP Services
WebStackAcademy
 
Angular tutorial
Angular tutorialAngular tutorial
Angular tutorial
Rohit Gupta
 
Angular Data Binding
Angular Data BindingAngular Data Binding
Angular Data Binding
Duy Khanh
 

Recommended

Routing & Navigating Pages in Angular 2
Routing & Navigating Pages in Angular 2Routing & Navigating Pages in Angular 2
Routing & Navigating Pages in Angular 2
Knoldus Inc.
 
Angular js routing options
Angular js routing optionsAngular js routing options
Angular js routing options
Nir Kaufman
 
Angularjs PPT
Angularjs PPTAngularjs PPT
Angularjs PPT
Amit Baghel
 
React Router: React Meetup XXL
React Router: React Meetup XXLReact Router: React Meetup XXL
React Router: React Meetup XXL
Rob Gietema
 
Sharing Data Between Angular Components
Sharing Data Between Angular ComponentsSharing Data Between Angular Components
Sharing Data Between Angular Components
Squash Apps Pvt Ltd
 
Angular - Chapter 7 - HTTP Services
Angular - Chapter 7 - HTTP ServicesAngular - Chapter 7 - HTTP Services
Angular - Chapter 7 - HTTP Services
WebStackAcademy
 
Angular tutorial
Angular tutorialAngular tutorial
Angular tutorial
Rohit Gupta
 
Angular Data Binding
Angular Data BindingAngular Data Binding
Angular Data Binding
Duy Khanh
 
Angular Introduction By Surekha Gadkari
Angular Introduction By Surekha GadkariAngular Introduction By Surekha Gadkari
Angular Introduction By Surekha Gadkari
Surekha Gadkari
 
Angular - Chapter 2 - TypeScript Programming
Angular - Chapter 2 - TypeScript Programming Angular - Chapter 2 - TypeScript Programming
Angular - Chapter 2 - TypeScript Programming
WebStackAcademy
 
Angular introduction students
Angular introduction studentsAngular introduction students
Angular introduction students
Christian John Felix
 
Angular - Chapter 4 - Data and Event Handling
Angular - Chapter 4 - Data and Event Handling Angular - Chapter 4 - Data and Event Handling
Angular - Chapter 4 - Data and Event Handling
WebStackAcademy
 
Angular 2.0 forms
Angular 2.0 formsAngular 2.0 forms
Angular 2.0 forms
Eyal Vardi
 
Authenticating Angular Apps with JWT
Authenticating Angular Apps with JWTAuthenticating Angular Apps with JWT
Authenticating Angular Apps with JWT
Jennifer Estrada
 
ES6 presentation
ES6 presentationES6 presentation
ES6 presentation
ritika1
 
What is component in reactjs
What is component in reactjsWhat is component in reactjs
What is component in reactjs
manojbkalla
 
Angular Data Binding
Angular Data BindingAngular Data Binding
Angular Data Binding
Jennifer Estrada
 
Angular Directives
Angular DirectivesAngular Directives
Angular Directives
iFour Technolab Pvt. Ltd.
 
Angular Dependency Injection
Angular Dependency InjectionAngular Dependency Injection
Angular Dependency Injection
Nir Kaufman
 
Angular 14.pptx
Angular 14.pptxAngular 14.pptx
Angular 14.pptx
MohaNedGhawar
 
Unit 1 - TypeScript & Introduction to Angular CLI.pptx
Unit 1 - TypeScript & Introduction to Angular CLI.pptxUnit 1 - TypeScript & Introduction to Angular CLI.pptx
Unit 1 - TypeScript & Introduction to Angular CLI.pptx
Malla Reddy University
 
JavaScript - Chapter 9 - TypeConversion and Regular Expressions
JavaScript - Chapter 9 - TypeConversion and Regular Expressions JavaScript - Chapter 9 - TypeConversion and Regular Expressions
JavaScript - Chapter 9 - TypeConversion and Regular Expressions
WebStackAcademy
 
Introduction to angular with a simple but complete project
Introduction to angular with a simple but complete projectIntroduction to angular with a simple but complete project
Introduction to angular with a simple but complete project
Jadson Santos
 
React Class Components vs Functional Components: Which is Better?
React Class Components vs Functional Components: Which is Better?React Class Components vs Functional Components: Which is Better?
React Class Components vs Functional Components: Which is Better?
Fibonalabs
 
AngularJS - Services
AngularJS - ServicesAngularJS - Services
AngularJS - Services
Nir Kaufman
 
Angular
AngularAngular
Angular
Mouad EL Fakir
 
Angular
AngularAngular
Angular
TejinderMakkar
 
ASP.NET MVC.
ASP.NET MVC.ASP.NET MVC.
ASP.NET MVC.
Ni
 
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
nrvalluri
 
Fundamentals of Web for Non-Developers
Fundamentals of Web for Non-DevelopersFundamentals of Web for Non-Developers
Fundamentals of Web for Non-Developers
Lemi Orhan Ergin
 

More Related Content

What's hot

JavaScript - Chapter 9 - TypeConversion and Regular Expressions
JavaScript - Chapter 9 - TypeConversion and Regular Expressions JavaScript - Chapter 9 - TypeConversion and Regular Expressions
JavaScript - Chapter 9 - TypeConversion and Regular Expressions
WebStackAcademy
 

What's hot (20)

Angular Introduction By Surekha Gadkari
Angular Introduction By Surekha GadkariAngular Introduction By Surekha Gadkari
Angular Introduction By Surekha Gadkari
 
Angular - Chapter 2 - TypeScript Programming
Angular - Chapter 2 - TypeScript Programming Angular - Chapter 2 - TypeScript Programming
Angular - Chapter 2 - TypeScript Programming
 
Angular introduction students
Angular introduction studentsAngular introduction students
Angular introduction students
 
Angular - Chapter 4 - Data and Event Handling
Angular - Chapter 4 - Data and Event Handling Angular - Chapter 4 - Data and Event Handling
Angular - Chapter 4 - Data and Event Handling
 
Angular 2.0 forms
Angular 2.0 formsAngular 2.0 forms
Angular 2.0 forms
 
Authenticating Angular Apps with JWT
Authenticating Angular Apps with JWTAuthenticating Angular Apps with JWT
Authenticating Angular Apps with JWT
 
ES6 presentation
ES6 presentationES6 presentation
ES6 presentation
 
What is component in reactjs
What is component in reactjsWhat is component in reactjs
What is component in reactjs
 
Angular Data Binding
Angular Data BindingAngular Data Binding
Angular Data Binding
 
Angular Directives
Angular DirectivesAngular Directives
Angular Directives
 
Angular Dependency Injection
Angular Dependency InjectionAngular Dependency Injection
Angular Dependency Injection
 
Angular 14.pptx
Angular 14.pptxAngular 14.pptx
Angular 14.pptx
 
Unit 1 - TypeScript & Introduction to Angular CLI.pptx
Unit 1 - TypeScript & Introduction to Angular CLI.pptxUnit 1 - TypeScript & Introduction to Angular CLI.pptx
Unit 1 - TypeScript & Introduction to Angular CLI.pptx
 
JavaScript - Chapter 9 - TypeConversion and Regular Expressions
JavaScript - Chapter 9 - TypeConversion and Regular Expressions JavaScript - Chapter 9 - TypeConversion and Regular Expressions
JavaScript - Chapter 9 - TypeConversion and Regular Expressions
 
Introduction to angular with a simple but complete project
Introduction to angular with a simple but complete projectIntroduction to angular with a simple but complete project
Introduction to angular with a simple but complete project
 
React Class Components vs Functional Components: Which is Better?
React Class Components vs Functional Components: Which is Better?React Class Components vs Functional Components: Which is Better?
React Class Components vs Functional Components: Which is Better?
 
AngularJS - Services
AngularJS - ServicesAngularJS - Services
AngularJS - Services
 
Angular
AngularAngular
Angular
 
Angular
AngularAngular
Angular
 
ASP.NET MVC.
ASP.NET MVC.ASP.NET MVC.
ASP.NET MVC.
 

Similar to Angular - Chapter 9 - Authentication and Authorization

Securing Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based AuthenticationSecuring Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based Authentication
Stefan Achtsnit
 
The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)
Channy Yun
 
Www architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protectionWww architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protection
Austina Francis
 
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
Amazon Web Services
 

Similar to Angular - Chapter 9 - Authentication and Authorization (20)

446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
 
Fundamentals of Web for Non-Developers
Fundamentals of Web for Non-DevelopersFundamentals of Web for Non-Developers
Fundamentals of Web for Non-Developers
 
Securing Web Applications with Token Authentication
Securing Web Applications with Token AuthenticationSecuring Web Applications with Token Authentication
Securing Web Applications with Token Authentication
 
blockchain class 3.pdf
blockchain class 3.pdfblockchain class 3.pdf
blockchain class 3.pdf
 
Blockchain on AWS
Blockchain on AWSBlockchain on AWS
Blockchain on AWS
 
Securing Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based AuthenticationSecuring Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based Authentication
 
Evolution Of The Web Platform & Browser Security
Evolution Of The Web Platform & Browser SecurityEvolution Of The Web Platform & Browser Security
Evolution Of The Web Platform & Browser Security
 
Training Webinar: Enterprise application performance with server push technol...
Training Webinar: Enterprise application performance with server push technol...Training Webinar: Enterprise application performance with server push technol...
Training Webinar: Enterprise application performance with server push technol...
 
Basics of the Web Platform
Basics of the Web PlatformBasics of the Web Platform
Basics of the Web Platform
 
Technical considerations for Blockchain networks with AWS
Technical considerations for Blockchain networks with AWSTechnical considerations for Blockchain networks with AWS
Technical considerations for Blockchain networks with AWS
 
The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)
 
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
 
Www architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protectionWww architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protection
 
Building Secure User Interfaces With JWTs (JSON Web Tokens)
Building Secure User Interfaces With JWTs (JSON Web Tokens)Building Secure User Interfaces With JWTs (JSON Web Tokens)
Building Secure User Interfaces With JWTs (JSON Web Tokens)
 
526_topic08.ppt
526_topic08.ppt526_topic08.ppt
526_topic08.ppt
 
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsBuilding Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTs
 
Chapter 2.pptx
Chapter 2.pptxChapter 2.pptx
Chapter 2.pptx
 
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
 
Null talk
Null talkNull talk
Null talk
 
Aws training in bangalore
Aws training in bangalore Aws training in bangalore
Aws training in bangalore
 

More from WebStackAcademy

WSA: Scaling Web Service to Handle Millions of Requests per Second
WSA: Scaling Web Service to Handle Millions of Requests per SecondWSA: Scaling Web Service to Handle Millions of Requests per Second
WSA: Scaling Web Service to Handle Millions of Requests per Second
WebStackAcademy
 
Career Building in AI - Technologies, Trends and Opportunities
Career Building in AI - Technologies, Trends and OpportunitiesCareer Building in AI - Technologies, Trends and Opportunities
Career Building in AI - Technologies, Trends and Opportunities
WebStackAcademy
 
JavaScript - Chapter 15 - Debugging Techniques
JavaScript - Chapter 15 - Debugging Techniques JavaScript - Chapter 15 - Debugging Techniques
JavaScript - Chapter 15 - Debugging Techniques
WebStackAcademy
 
JavaScript - Chapter 14 - Form Handling
JavaScript - Chapter 14 - Form Handling JavaScript - Chapter 14 - Form Handling
JavaScript - Chapter 14 - Form Handling
WebStackAcademy
 
JavaScript - Chapter 12 - Document Object Model
JavaScript - Chapter 12 - Document Object Model JavaScript - Chapter 12 - Document Object Model
JavaScript - Chapter 12 - Document Object Model
WebStackAcademy
 

More from WebStackAcademy (20)

Webstack Academy - Course Demo Webinar and Placement Journey
Webstack Academy - Course Demo Webinar and Placement JourneyWebstack Academy - Course Demo Webinar and Placement Journey
Webstack Academy - Course Demo Webinar and Placement Journey
 
WSA: Scaling Web Service to Handle Millions of Requests per Second
WSA: Scaling Web Service to Handle Millions of Requests per SecondWSA: Scaling Web Service to Handle Millions of Requests per Second
WSA: Scaling Web Service to Handle Millions of Requests per Second
 
WSA: Course Demo Webinar - Full Stack Developer Course
WSA: Course Demo Webinar - Full Stack Developer CourseWSA: Course Demo Webinar - Full Stack Developer Course
WSA: Course Demo Webinar - Full Stack Developer Course
 
Career Building in AI - Technologies, Trends and Opportunities
Career Building in AI - Technologies, Trends and OpportunitiesCareer Building in AI - Technologies, Trends and Opportunities
Career Building in AI - Technologies, Trends and Opportunities
 
Webstack Academy - Internship Kick Off
Webstack Academy - Internship Kick OffWebstack Academy - Internship Kick Off
Webstack Academy - Internship Kick Off
 
Building Your Online Portfolio
Building Your Online PortfolioBuilding Your Online Portfolio
Building Your Online Portfolio
 
Front-End Developer's Career Roadmap
Front-End Developer's Career RoadmapFront-End Developer's Career Roadmap
Front-End Developer's Career Roadmap
 
Angular - Chapter 6 - Firebase Integration
Angular - Chapter 6 - Firebase IntegrationAngular - Chapter 6 - Firebase Integration
Angular - Chapter 6 - Firebase Integration
 
Angular - Chapter 5 - Directives
Angular - Chapter 5 - Directives Angular - Chapter 5 - Directives
Angular - Chapter 5 - Directives
 
Angular - Chapter 3 - Components
Angular - Chapter 3 - ComponentsAngular - Chapter 3 - Components
Angular - Chapter 3 - Components
 
Angular - Chapter 1 - Introduction
Angular - Chapter 1 - Introduction Angular - Chapter 1 - Introduction
Angular - Chapter 1 - Introduction
 
JavaScript - Chapter 10 - Strings and Arrays
JavaScript - Chapter 10 - Strings and Arrays JavaScript - Chapter 10 - Strings and Arrays
JavaScript - Chapter 10 - Strings and Arrays
 
JavaScript - Chapter 15 - Debugging Techniques
JavaScript - Chapter 15 - Debugging Techniques JavaScript - Chapter 15 - Debugging Techniques
JavaScript - Chapter 15 - Debugging Techniques
 
JavaScript - Chapter 14 - Form Handling
JavaScript - Chapter 14 - Form Handling JavaScript - Chapter 14 - Form Handling
JavaScript - Chapter 14 - Form Handling
 
JavaScript - Chapter 13 - Browser Object Model(BOM)
JavaScript - Chapter 13 - Browser Object Model(BOM)JavaScript - Chapter 13 - Browser Object Model(BOM)
JavaScript - Chapter 13 - Browser Object Model(BOM)
 
JavaScript - Chapter 12 - Document Object Model
JavaScript - Chapter 12 - Document Object Model JavaScript - Chapter 12 - Document Object Model
JavaScript - Chapter 12 - Document Object Model
 
JavaScript - Chapter 11 - Events
JavaScript - Chapter 11 - Events JavaScript - Chapter 11 - Events
JavaScript - Chapter 11 - Events
 
JavaScript - Chapter 8 - Objects
JavaScript - Chapter 8 - Objects JavaScript - Chapter 8 - Objects
JavaScript - Chapter 8 - Objects
 
JavaScript - Chapter 7 - Advanced Functions
JavaScript - Chapter 7 - Advanced Functions JavaScript - Chapter 7 - Advanced Functions
JavaScript - Chapter 7 - Advanced Functions
 
JavaScript - Chapter 6 - Basic Functions
JavaScript - Chapter 6 - Basic Functions JavaScript - Chapter 6 - Basic Functions
JavaScript - Chapter 6 - Basic Functions
 

Recently uploaded

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 

Recently uploaded (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Angular - Chapter 9 - Authentication and Authorization

  • 3. www.webstackacademy.com Introduction • Authentication is the process of validating a user on the credentials (username and password) and provide access to the web application(ex: Email) • Authorization helps you to control access rights by granting or denying specific permissions to an authenticated user (Ex: User / Manager / Admin). • Authorization is applied after the user is authenticated. Typically users are assigned with rights / permissions based on which appropriate section(s) are loaded in the web application • The user interacts with the server on Authorized sections of the application which results in data exchange. In order to protect security and integrity of data other security components (ex: Encryption) comes into picture
  • 4. www.webstackacademy.com Introduction • Security is an inherent and critical feature of a web application. With rich data available in the web server, any compromise results in bigger issues in socio / political ecosystem • There are many algorithms, standards and tools in security which is quite vast in nature • Our idea is to understand security from Angular Authentication and Authorization perspective by practically implementing them in front-end web applications • We will enhance our understanding of Routes (previous chapter) and display / hide certain components based on the user authorization
  • 5. www.webstackacademy.com JSON Web Tokens (JWT) • JSON Web Token (JWT) is an open standard defined in RFC 7519. • It is a compact and self-contained way for securely transmitting information between parties (ex: Web client and server) as a JSON object. • This information can be verified and trusted because it is digitally signed. • JWTs are signed using a secret (ex: HMAC algorithm) which is only known to client & server • The signed token ensures the data integrity and security
  • 7. www.webstackacademy.com JSON Web Tokens (JWT) – Usage • JWTs are used in web based authorization once the user is successfully authenticated with valid username & password. • Each transaction between the client after authorization are done in a secure manner as the data is encrypted.
  • 8. www.webstackacademy.com JSON Web Tokens (JWT) – Structure • JWT has three parts that are separated by a (.) character • Header, Payload and Signature (ex: xxxx.yyyy.zzzz) • Each of them have a unique meaning and significance • An example JWT will look as follows
  • 9. www.webstackacademy.com JWT - Structure • Part-I (Header): Typically consists of two parts: • Type of the token (ex: jwt) • Hashing algorithm used (ex: HMAC SHA256) • Part-II (Payload): It contains claims. Claims are statements about an entity (typically, the user) and additional data. • Both Header & Payload are encoded using base64 encoding and made as a first and second part of the JWT { "alg": "HS256", "typ": "JWT" } { "sub": "1234567890", "name": "WSA", "admin": true }
  • 10. www.webstackacademy.com JWT - Structure • Part-III (Signature): The signature is nothing but a hash algorithm applied on header and payload • To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that. • For example if you want to use the HMAC SHA256 algorithm, the signature will be created in the following way: HMACSHA256 (base64(header) + "." + base64(payload), secret) • The output is three Base64 encoded strings separated by dots that can be easily passed in HTML and HTTP environments
  • 11. www.webstackacademy.com What is base64 Encoding? – A brief • Base64 converts a string of bytes into a string of ASCII characters so that they can be safely transmitted within HTTP. • When encoding, Base64 will divide the string of bytes into groups of 6 bits and each group will map to one of 64 characters. • In case the input is not clearly divisible in 6 bits, additional zeros are added for padding • Similar to ASCII table a mapping table is maintained
  • 12. www.webstackacademy.com What is HMAC SHA? – A brief • HMAC (Hash Message Authentication Code) - SHA (Secure Hash Algorithm) is a specific type of message authentication code (MAC) • It involves a cryptographic hash function and a secret cryptographic key. The key size can vary (ex: SHA 256) • The secret key is known only to the sender and the receiver • By applying hashing it generates what is known as signature of the given plain text. It can be used for validating the integrity of the message.
  • 13. www.webstackacademy.com Exercise • JWT Debugger tool: • It is used to generate JWT, let us do some hands-on • Goto https://jwt.io/#debugger and try out by generating some JWT • Base64 Encoding tool: • It is used to check base64 encoding, let us do some hands-on • Goto: https://www.base64decode.org and try out some encoding
  • 15. www.webstackacademy.com What is Local Storage? • The Local storage allow to save key/value pairs in a web browser. • The Local storage data will persist after the browser window is closed. • The local storage property is read-only. • Previously, cookies were used for storing such key value pairs. • Local storage has a significantly higher storage limit (5MB vs 4KB), better for storing client specific information
  • 16. www.webstackacademy.com Local storage methods Local storage supports a set of methods for dealing with the data Method Description setItem() Add key and value to local storage getItem() Retrieve a value by the key removeItem() Remove an item by key clear() Clear all storage
  • 17. www.webstackacademy.com Local storage methods usage localStorage.setItem('key', 'value'); localStorage.getItem('key'); localStorage.removeItem('key'); localStorage.clear();
  • 18. www.webstackacademy.comwww.webstackacademy.com Starter Code (A Brief about given code to get started with A & A)
  • 19. www.webstackacademy.com WebStack Academy #83, Farah Towers, 1st Floor, MG Road, Bangalore – 560001 M: +91-809 555 7332 E: training@webstackacademy.com WSA in Social Media: