We needed to have oauth2 authorization in angularjs project.
Internet search on the subject immediately brings large amout of solutions like:
But unfortunatelly:
However there is a problem with all those approaches.
Let's assume that you have properly implemented client side authorization, and finally have gotten an access_token.
access_token
Now, you access your server with that access_token. What is your first step on the server?
Right! Your should validate it against oauth2 provider.
So, while client side authorization, among other things, included a validation of your token, you have to perform the validation on the server once more.
At this point we felt that we need to implement our oauth2 API.
It can be found at nesterovsky-bros/oauth2.
This is the readme from that project:
Here we implement oauth2 authorization within angularjs.
Authentication is done as follows:
A base javascript class OAuth2 implements these steps.
There are following implementations that authorize against specific providers:
OAuth2Server - implements authorization through known providers, but calls server side to validate access token. This way, the server side can establish a user's session.
The file Config.json contains endpoints and request parameters per supported provider.
Note: You should register a client_id for each provider.
Note: user_id and access_tokens are unique only in a scope of access provider, thus a session is identified by Provider + access_token, and a user is identified by Provider + user_id.
The use case can be found in test.js E.g. authorization against OAuth2Server is done like this:
var login = new OAuth2Server(provider); token = login.authorize(); token.$promise.then( function() { // token contains populated data. }, function(error) { if (error) { // handle an error } });
Authorization token contains:
Whole sample is implemented as VS project. All scripts are build with app.tt, that combines content of Scripts/app int app.js.
Server side is implemented with ASP.NET Web API. Authorization controllers are: