We will see how to implement token based authentication
Tech stack we will use:
- Flask (backend API in Python)
- SQLite (database)
In order to do token-based authentication, we first need to know what this “token” actually is and what the authentication flow looks like.
What is Token-Based Authentication?
The general concept behind a token-based authentication system is simple. Allow users to enter their username and password in order to obtain a token which allows them to fetch a specific resource, without using their username and password again. Once their token has been obtained, the user can offer the token, which grants access to a specific resource for a limited time period, to the remote site. Using some form of authentication (a header, a GET or POST parameter, or a cookie of some kind), the site can then determine what level

I have an Angular application (SPA) that communicates with a REST API server and I’m interested in finding out the best method to store an access token that is returned from an API server so that the Angular client can use it to authenticate future requests to the API. For security reasons, I would like to store it as a browser session variable so that the token is not persisted after the browser is closed.
How does it work?
1) The client makes a request to the API, providing it with the user's credentials.
2) If this request is successful, the returned token is stored in the browser session.
3) HTTP requests are intercepted: if a token is set, it is passed along to the API as a header, and the user data is saved globally.
4) The token is destroyed when the browser/tab is closed.
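The server side of steps 1 and 3, as an added example that is not code from this post or its forthcoming app: plain Python functions over SQLite that check a username/password, issue a random bearer token with an expiry, and later resolve an `Authorization` header back to a user. The Flask route wiring is left out; `open_db`, `register`, `login`, `authenticate`, `logout`, the table layout and the `TOKEN_TTL_SECONDS` / `PBKDF2_ITERATIONS` constants are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

TOKEN_TTL_SECONDS = 3600      # assumed lifetime of an issued token (step 2/4 is the browser's side)
PBKDF2_ITERATIONS = 100_000   # assumed password-hashing work factor


def open_db(path=":memory:"):
    """Create the (assumed) users and tokens tables in a SQLite database."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS users ("
        "username TEXT PRIMARY KEY, salt BLOB NOT NULL, pw_hash BLOB NOT NULL)"
    )
    # Only a SHA-256 digest of the token is stored: a copy of the database
    # does not hand out usable bearer tokens.
    db.execute(
        "CREATE TABLE IF NOT EXISTS tokens ("
        "token_hash BLOB PRIMARY KEY, username TEXT NOT NULL, expires_at REAL NOT NULL)"
    )
    return db


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def _token_hash(token):
    return hashlib.sha256(token.encode()).digest()


def register(db, username, password):
    """Store a salted PBKDF2 hash of the password, never the password itself."""
    salt = secrets.token_bytes(16)
    db.execute(
        "INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
        (username, salt, _hash_password(password, salt)),
    )
    db.commit()


def login(db, username, password, now=None):
    """Step 1: verify credentials; on success issue and record a token, else return None."""
    now = time.time() if now is None else now
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Hash anyway so an unknown user costs the same time as a wrong password.
        _hash_password(password, secrets.token_bytes(16))
        return None
    salt, stored = row
    if not hmac.compare_digest(stored, _hash_password(password, salt)):
        return None
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
    db.execute(
        "INSERT INTO tokens (token_hash, username, expires_at) VALUES (?, ?, ?)",
        (_token_hash(token), username, now + TOKEN_TTL_SECONDS),
    )
    db.commit()
    return token


def authenticate(db, headers, now=None):
    """Step 3, server side: map an Authorization header to a username, or None.

    `headers` is a plain dict here; Flask's request.headers is case-insensitive.
    """
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    row = db.execute(
        "SELECT username, expires_at FROM tokens WHERE token_hash = ?",
        (_token_hash(token),),
    ).fetchone()
    if row is None:
        return None
    username, expires_at = row
    if now >= expires_at:
        logout(db, token)        # expired: drop it so the table does not grow forever
        return None
    return username


def logout(db, token):
    """Revoke a token server side; the browser drops its own copy when the tab closes."""
    db.execute("DELETE FROM tokens WHERE token_hash = ?", (_token_hash(token),))
    db.commit()
```

Inside a Flask app the login route would call `login()` with the posted credentials and return the token as JSON, and each protected route would call `authenticate(request.headers)` and reply 401 when it returns `None`. Looking the token up by its hash and comparing password hashes with `hmac.compare_digest` are the two details most often skipped in tutorials; both are cheap and remove a database leak and a timing side channel respectively.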
Building our App (coming soon)
Some references:
- [Secure your AngularJS Application SPA](https://www.slideshare.net/carlo.bonamico/angularjs-security-defend-your-single-page-application)
- [Secure your SPA with Token Based Authentication](https://www.slideshare.net/StefanAchtsnit/securing-single-page-applications-withtoken-based-authentication)