SlideShare a Scribd company logo

Angular - Chapter 9 - Authentication and Authorization

WebStackAcademy
WebStackAcademy

This document provides an introduction to authentication and authorization in Angular applications. It discusses authentication as validating users through credentials like username and password, while authorization controls user access permissions. JSON web tokens (JWTs) are then introduced as a way to securely transmit information to authenticate users between the client and server. The structure and usage of JWTs is explained, including how the header, payload, and signature parts work with base64 encoding and HMAC algorithms. Finally, local storage methods for storing user data in the browser are reviewed.

Technology
1 of 19
Download to read offline
www.webstackacademy.com Authentication and Authorization Angular
www.webstackacademy.comwww.webstackacademy.com Introduction (Security Foundations)
www.webstackacademy.com Introduction • Authentication is the process of validating a user on the credentials (username and password) and provide access to the web application(ex: Email) • Authorization helps you to control access rights by granting or denying specific permissions to an authenticated user (Ex: User / Manager / Admin). • Authorization is applied after the user is authenticated. Typically users are assigned with rights / permissions based on which appropriate section(s) are loaded in the web application • The user interacts with the server on Authorized sections of the application which results in data exchange. In order to protect security and integrity of data other security components (ex: Encryption) comes into picture
www.webstackacademy.com Introduction • Security is an inherent and critical feature of a web application. With rich data available in the web server, any compromise results in bigger issues in socio / political ecosystem • There are many algorithms, standards and tools in security which is quite vast in nature • Our idea is to understand security from Angular Authentication and Authorization perspective by practically implementing them in front-end web applications • We will enhance our understanding of Routes (previous chapter) and display / hide certain components based on the user authorization
www.webstackacademy.com JSON Web Tokens (JWT) • JSON Web Token (JWT) is an open standard defined in RFC 7519. • It is a compact and self-contained way for securely transmitting information between parties (ex: Web client and server) as a JSON object. • This information can be verified and trusted because it is digitally signed. • JWTs are signed using a secret (ex: HMAC algorithm) which is only known to client & server • The signed token ensures the data integrity and security
www.webstackacademy.com JSON Web Tokens (JWT) – In Action..
www.webstackacademy.com JSON Web Tokens (JWT) – Usage • JWTs are used in web based authorization once the user is successfully authenticated with valid username & password. • Each transaction between the client after authorization are done in a secure manner as the data is encrypted.
www.webstackacademy.com JSON Web Tokens (JWT) – Structure • JWT has three parts that are separated by a (.) character • Header, Payload and Signature (ex: xxxx.yyyy.zzzz) • Each of them have a unique meaning and significance • An example JWT will look as follows
www.webstackacademy.com JWT - Structure • Part-I (Header): Typically consists of two parts: • Type of the token (ex: jwt) • Hashing algorithm used (ex: HMAC SHA256) • Part-II (Payload): It contains claims. Claims are statements about an entity (typically, the user) and additional data. • Both Header & Payload are encoded using base64 encoding and made as a first and second part of the JWT { "alg": "HS256", "typ": "JWT" } { "sub": "1234567890", "name": "WSA", "admin": true }
www.webstackacademy.com JWT - Structure • Part-III (Signature): The signature is nothing but a hash algorithm applied on header and payload • To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that. • For example if you want to use the HMAC SHA256 algorithm, the signature will be created in the following way: HMACSHA256 (base64(header) + "." + base64(payload), secret) • The output is three Base64 encoded strings separated by dots that can be easily passed in HTML and HTTP environments
www.webstackacademy.com What is base64 Encoding? – A brief • Base64 converts a string of bytes into a string of ASCII characters so that they can be safely transmitted within HTTP. • When encoding, Base64 will divide the string of bytes into groups of 6 bits and each group will map to one of 64 characters. • In case the input is not clearly divisible in 6 bits, additional zeros are added for padding • Similar to ASCII table a mapping table is maintained
www.webstackacademy.com What is HMAC SHA? – A brief • HMAC (Hash Message Authentication Code) - SHA (Secure Hash Algorithm) is a specific type of message authentication code (MAC) • It involves a cryptographic hash function and a secret cryptographic key. The key size can vary (ex: SHA 256) • The secret key is known only to the sender and the receiver • By applying hashing it generates what is known as signature of the given plain text. It can be used for validating the integrity of the message.
www.webstackacademy.com Exercise • JWT Debugger tool: • It is used to generate JWT, let us do some hands-on • Goto https://jwt.io/#debugger and try out by generating some JWT • Base64 Encoding tool: • It is used to check base64 encoding, let us do some hands-on • Goto: https://www.base64decode.org and try out some encoding
www.webstackacademy.comwww.webstackacademy.com Local Storage (Storing user data in the browser)
www.webstackacademy.com What is Local Storage? • The Local storage allow to save key/value pairs in a web browser. • The Local storage data will persist after the browser window is closed. • The local storage property is read-only. • Previously, cookies were used for storing such key value pairs. • Local storage has a significantly higher storage limit (5MB vs 4KB), better for storing client specific information
www.webstackacademy.com Local storage methods Local storage supports a set of methods for dealing with the data Method Description setItem() Add key and value to local storage getItem() Retrieve a value by the key removeItem() Remove an item by key clear() Clear all storage
www.webstackacademy.com Local storage methods usage localStorage.setItem('key', 'value'); localStorage.getItem('key'); localStorage.removeItem('key'); localStorage.clear();
www.webstackacademy.comwww.webstackacademy.com Starter Code (A Brief about given code to get started with A & A)
www.webstackacademy.com WebStack Academy #83, Farah Towers, 1st Floor, MG Road, Bangalore – 560001 M: +91-809 555 7332 E: training@webstackacademy.com WSA in Social Media:

Recommended

Angular - Chapter 7 - HTTP Services
Angular - Chapter 7 - HTTP ServicesAngular - Chapter 7 - HTTP Services
Angular - Chapter 7 - HTTP ServicesWebStackAcademy
 
Angular 2.0 forms
Angular 2.0 formsAngular 2.0 forms
Angular 2.0 formsEyal Vardi
 
Routing & Navigating Pages in Angular 2
Routing & Navigating Pages in Angular 2Routing & Navigating Pages in Angular 2
Routing & Navigating Pages in Angular 2Knoldus Inc.
 
Introduction to Spring Boot
Introduction to Spring BootIntroduction to Spring Boot
Introduction to Spring BootPurbarun Chakrabarti
 
Angular Introduction By Surekha Gadkari
Angular Introduction By Surekha GadkariAngular Introduction By Surekha Gadkari
Angular Introduction By Surekha GadkariSurekha Gadkari
 
Angular 8
Angular 8 Angular 8
Angular 8 Sunil OS
 
Workshop 21: React Router
Workshop 21: React RouterWorkshop 21: React Router
Workshop 21: React RouterVisual Engineering
 
JavaScript - Chapter 15 - Debugging Techniques
JavaScript - Chapter 15 - Debugging Techniques JavaScript - Chapter 15 - Debugging Techniques
JavaScript - Chapter 15 - Debugging TechniquesWebStackAcademy
 

Recommended

Angular - Chapter 7 - HTTP Services
Angular - Chapter 7 - HTTP ServicesAngular - Chapter 7 - HTTP Services
Angular - Chapter 7 - HTTP ServicesWebStackAcademy
 
Angular 2.0 forms
Angular 2.0 formsAngular 2.0 forms
Angular 2.0 formsEyal Vardi
 
Routing & Navigating Pages in Angular 2
Routing & Navigating Pages in Angular 2Routing & Navigating Pages in Angular 2
Routing & Navigating Pages in Angular 2Knoldus Inc.
 
Introduction to Spring Boot
Introduction to Spring BootIntroduction to Spring Boot
Introduction to Spring BootPurbarun Chakrabarti
 
Angular Introduction By Surekha Gadkari
Angular Introduction By Surekha GadkariAngular Introduction By Surekha Gadkari
Angular Introduction By Surekha GadkariSurekha Gadkari
 
Angular 8
Angular 8 Angular 8
Angular 8 Sunil OS
 
Workshop 21: React Router
Workshop 21: React RouterWorkshop 21: React Router
Workshop 21: React RouterVisual Engineering
 
JavaScript - Chapter 15 - Debugging Techniques
JavaScript - Chapter 15 - Debugging Techniques JavaScript - Chapter 15 - Debugging Techniques
JavaScript - Chapter 15 - Debugging TechniquesWebStackAcademy
 
Node.js Express
Node.js ExpressNode.js Express
Node.js ExpressEyal Vardi
 
Angular - Chapter 3 - Components
Angular - Chapter 3 - ComponentsAngular - Chapter 3 - Components
Angular - Chapter 3 - ComponentsWebStackAcademy
 
Introduction to ReactJS
Introduction to ReactJSIntroduction to ReactJS
Introduction to ReactJSHoang Long
 
Introduction to Angularjs
Introduction to AngularjsIntroduction to Angularjs
Introduction to AngularjsManish Shekhawat
 
Intro to Asynchronous Javascript
Intro to Asynchronous JavascriptIntro to Asynchronous Javascript
Intro to Asynchronous JavascriptGarrett Welson
 
Spring boot
Spring bootSpring boot
Spring bootsdeeg
 
Basics of React Hooks.pptx.pdf
Basics of React Hooks.pptx.pdfBasics of React Hooks.pptx.pdf
Basics of React Hooks.pptx.pdfKnoldus Inc.
 
Building blocks of Angular
Building blocks of AngularBuilding blocks of Angular
Building blocks of AngularKnoldus Inc.
 
React workshop presentation
React workshop presentationReact workshop presentation
React workshop presentationBojan Golubović
 
Angular tutorial
Angular tutorialAngular tutorial
Angular tutorialRohit Gupta
 
Understanding react hooks
Understanding react hooksUnderstanding react hooks
Understanding react hooksMaulik Shah
 
Express js
Express jsExpress js
Express jsManav Prasad
 
[Final] ReactJS presentation
[Final] ReactJS presentation[Final] ReactJS presentation
[Final] ReactJS presentation洪 鹏发
 
ASP.NET MVC Presentation
ASP.NET MVC PresentationASP.NET MVC Presentation
ASP.NET MVC Presentationivpol
 
Angular Advanced Routing
Angular Advanced RoutingAngular Advanced Routing
Angular Advanced RoutingLaurent Duveau
 
Angular Directives
Angular DirectivesAngular Directives
Angular DirectivesiFour Technolab Pvt. Ltd.
 
Basic Concept of Node.js & NPM
Basic Concept of Node.js & NPMBasic Concept of Node.js & NPM
Basic Concept of Node.js & NPMBhargav Anadkat
 
Expressjs
ExpressjsExpressjs
ExpressjsYauheni Nikanovich
 
Angular modules in depth
Angular modules in depthAngular modules in depth
Angular modules in depthChristoffer Noring
 
Sharing Data Between Angular Components
Sharing Data Between Angular ComponentsSharing Data Between Angular Components
Sharing Data Between Angular ComponentsSquash Apps Pvt Ltd
 
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)nrvalluri
 
Fundamentals of Web for Non-Developers
Fundamentals of Web for Non-DevelopersFundamentals of Web for Non-Developers
Fundamentals of Web for Non-DevelopersLemi Orhan Ergin
 

More Related Content

What's hot

Node.js Express
Node.js ExpressNode.js Express
Node.js ExpressEyal Vardi
 
Angular - Chapter 3 - Components
Angular - Chapter 3 - ComponentsAngular - Chapter 3 - Components
Angular - Chapter 3 - ComponentsWebStackAcademy
 
Introduction to ReactJS
Introduction to ReactJSIntroduction to ReactJS
Introduction to ReactJSHoang Long
 
Intro to Asynchronous Javascript
Intro to Asynchronous JavascriptIntro to Asynchronous Javascript
Intro to Asynchronous JavascriptGarrett Welson
 
Spring boot
Spring bootSpring boot
Spring bootsdeeg
 
Basics of React Hooks.pptx.pdf
Basics of React Hooks.pptx.pdfBasics of React Hooks.pptx.pdf
Basics of React Hooks.pptx.pdfKnoldus Inc.
 
Building blocks of Angular
Building blocks of AngularBuilding blocks of Angular
Building blocks of AngularKnoldus Inc.
 
React workshop presentation
React workshop presentationReact workshop presentation
React workshop presentationBojan Golubović
 
Angular tutorial
Angular tutorialAngular tutorial
Angular tutorialRohit Gupta
 
Understanding react hooks
Understanding react hooksUnderstanding react hooks
Understanding react hooksMaulik Shah
 
[Final] ReactJS presentation
[Final] ReactJS presentation[Final] ReactJS presentation
[Final] ReactJS presentation洪 鹏发
 
ASP.NET MVC Presentation
ASP.NET MVC PresentationASP.NET MVC Presentation
ASP.NET MVC Presentationivpol
 
Angular Advanced Routing
Angular Advanced RoutingAngular Advanced Routing
Angular Advanced RoutingLaurent Duveau
 
Basic Concept of Node.js & NPM
Basic Concept of Node.js & NPMBasic Concept of Node.js & NPM
Basic Concept of Node.js & NPMBhargav Anadkat
 
Sharing Data Between Angular Components
Sharing Data Between Angular ComponentsSharing Data Between Angular Components
Sharing Data Between Angular ComponentsSquash Apps Pvt Ltd
 

What's hot (20)

Node.js Express
Node.js ExpressNode.js Express
Node.js Express
 
Angular - Chapter 3 - Components
Angular - Chapter 3 - ComponentsAngular - Chapter 3 - Components
Angular - Chapter 3 - Components
 
Introduction to ReactJS
Introduction to ReactJSIntroduction to ReactJS
Introduction to ReactJS
 
Introduction to Angularjs
Introduction to AngularjsIntroduction to Angularjs
Introduction to Angularjs
 
Intro to Asynchronous Javascript
Intro to Asynchronous JavascriptIntro to Asynchronous Javascript
Intro to Asynchronous Javascript
 
Spring boot
Spring bootSpring boot
Spring boot
 
Basics of React Hooks.pptx.pdf
Basics of React Hooks.pptx.pdfBasics of React Hooks.pptx.pdf
Basics of React Hooks.pptx.pdf
 
Building blocks of Angular
Building blocks of AngularBuilding blocks of Angular
Building blocks of Angular
 
React workshop presentation
React workshop presentationReact workshop presentation
React workshop presentation
 
Angular tutorial
Angular tutorialAngular tutorial
Angular tutorial
 
Understanding react hooks
Understanding react hooksUnderstanding react hooks
Understanding react hooks
 
Express js
Express jsExpress js
Express js
 
[Final] ReactJS presentation
[Final] ReactJS presentation[Final] ReactJS presentation
[Final] ReactJS presentation
 
ASP.NET MVC Presentation
ASP.NET MVC PresentationASP.NET MVC Presentation
ASP.NET MVC Presentation
 
Angular Advanced Routing
Angular Advanced RoutingAngular Advanced Routing
Angular Advanced Routing
 
Angular Directives
Angular DirectivesAngular Directives
Angular Directives
 
Basic Concept of Node.js & NPM
Basic Concept of Node.js & NPMBasic Concept of Node.js & NPM
Basic Concept of Node.js & NPM
 
Expressjs
ExpressjsExpressjs
Expressjs
 
Angular modules in depth
Angular modules in depthAngular modules in depth
Angular modules in depth
 
Sharing Data Between Angular Components
Sharing Data Between Angular ComponentsSharing Data Between Angular Components
Sharing Data Between Angular Components
 

Similar to Angular - Chapter 9 - Authentication and Authorization

446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)nrvalluri
 
Fundamentals of Web for Non-Developers
Fundamentals of Web for Non-DevelopersFundamentals of Web for Non-Developers
Fundamentals of Web for Non-DevelopersLemi Orhan Ergin
 
Securing Web Applications with Token Authentication
Securing Web Applications with Token AuthenticationSecuring Web Applications with Token Authentication
Securing Web Applications with Token AuthenticationStormpath
 
blockchain class 3.pdf
blockchain class 3.pdfblockchain class 3.pdf
blockchain class 3.pdfGopalSB
 
Securing Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based AuthenticationSecuring Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based AuthenticationStefan Achtsnit
 
Evolution Of The Web Platform & Browser Security
Evolution Of The Web Platform & Browser SecurityEvolution Of The Web Platform & Browser Security
Evolution Of The Web Platform & Browser SecuritySanjeev Verma, PhD
 
Training Webinar: Enterprise application performance with server push technol...
Training Webinar: Enterprise application performance with server push technol...Training Webinar: Enterprise application performance with server push technol...
Training Webinar: Enterprise application performance with server push technol...OutSystems
 
Technical considerations for Blockchain networks with AWS
Technical considerations for Blockchain networks with AWSTechnical considerations for Blockchain networks with AWS
Technical considerations for Blockchain networks with AWSatSistemas
 
The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)Channy Yun
 
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...Amazon Web Services
 
Www architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protectionWww architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protectionAustina Francis
 
Building Secure User Interfaces With JWTs (JSON Web Tokens)
Building Secure User Interfaces With JWTs (JSON Web Tokens)Building Secure User Interfaces With JWTs (JSON Web Tokens)
Building Secure User Interfaces With JWTs (JSON Web Tokens)Stormpath
 
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsBuilding Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsrobertjd
 
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...Amazon Web Services
 
Aws training in bangalore
Aws training in bangalore Aws training in bangalore
Aws training in bangalore apponix123
 

Similar to Angular - Chapter 9 - Authentication and Authorization (20)

446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
446-FUNDAMENTALS OF WEB FOR NON DEVELOPERS (Useful-Knowledge)
 
Fundamentals of Web for Non-Developers
Fundamentals of Web for Non-DevelopersFundamentals of Web for Non-Developers
Fundamentals of Web for Non-Developers
 
Securing Web Applications with Token Authentication
Securing Web Applications with Token AuthenticationSecuring Web Applications with Token Authentication
Securing Web Applications with Token Authentication
 
blockchain class 3.pdf
blockchain class 3.pdfblockchain class 3.pdf
blockchain class 3.pdf
 
Blockchain on AWS
Blockchain on AWSBlockchain on AWS
Blockchain on AWS
 
Securing Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based AuthenticationSecuring Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based Authentication
 
Evolution Of The Web Platform & Browser Security
Evolution Of The Web Platform & Browser SecurityEvolution Of The Web Platform & Browser Security
Evolution Of The Web Platform & Browser Security
 
Training Webinar: Enterprise application performance with server push technol...
Training Webinar: Enterprise application performance with server push technol...Training Webinar: Enterprise application performance with server push technol...
Training Webinar: Enterprise application performance with server push technol...
 
Basics of the Web Platform
Basics of the Web PlatformBasics of the Web Platform
Basics of the Web Platform
 
Technical considerations for Blockchain networks with AWS
Technical considerations for Blockchain networks with AWSTechnical considerations for Blockchain networks with AWS
Technical considerations for Blockchain networks with AWS
 
The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)
 
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...
 
Www architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protectionWww architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protection
 
Building Secure User Interfaces With JWTs (JSON Web Tokens)
Building Secure User Interfaces With JWTs (JSON Web Tokens)Building Secure User Interfaces With JWTs (JSON Web Tokens)
Building Secure User Interfaces With JWTs (JSON Web Tokens)
 
526_topic08.ppt
526_topic08.ppt526_topic08.ppt
526_topic08.ppt
 
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsBuilding Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTs
 
Chapter 2.pptx
Chapter 2.pptxChapter 2.pptx
Chapter 2.pptx
 
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
Deep Dive on Amazon Managed Blockchain: re:Invent 2018 Recap at the AWS Loft ...
 
Null talk
Null talkNull talk
Null talk
 
Aws training in bangalore
Aws training in bangalore Aws training in bangalore
Aws training in bangalore
 

More from WebStackAcademy

Webstack Academy - Course Demo Webinar and Placement Journey
Webstack Academy - Course Demo Webinar and Placement JourneyWebstack Academy - Course Demo Webinar and Placement Journey
Webstack Academy - Course Demo Webinar and Placement JourneyWebStackAcademy
 
WSA: Scaling Web Service to Handle Millions of Requests per Second
WSA: Scaling Web Service to Handle Millions of Requests per SecondWSA: Scaling Web Service to Handle Millions of Requests per Second
WSA: Scaling Web Service to Handle Millions of Requests per SecondWebStackAcademy
 
WSA: Course Demo Webinar - Full Stack Developer Course
WSA: Course Demo Webinar - Full Stack Developer CourseWSA: Course Demo Webinar - Full Stack Developer Course
WSA: Course Demo Webinar - Full Stack Developer CourseWebStackAcademy
 
Career Building in AI - Technologies, Trends and Opportunities
Career Building in AI - Technologies, Trends and OpportunitiesCareer Building in AI - Technologies, Trends and Opportunities
Career Building in AI - Technologies, Trends and OpportunitiesWebStackAcademy
 
Webstack Academy - Internship Kick Off
Webstack Academy - Internship Kick OffWebstack Academy - Internship Kick Off
Webstack Academy - Internship Kick OffWebStackAcademy
 
Building Your Online Portfolio
Building Your Online PortfolioBuilding Your Online Portfolio
Building Your Online PortfolioWebStackAcademy
 
Front-End Developer's Career Roadmap
Front-End Developer's Career RoadmapFront-End Developer's Career Roadmap
Front-End Developer's Career RoadmapWebStackAcademy
 
Angular - Chapter 6 - Firebase Integration
Angular - Chapter 6 - Firebase IntegrationAngular - Chapter 6 - Firebase Integration
Angular - Chapter 6 - Firebase IntegrationWebStackAcademy
 
Angular - Chapter 5 - Directives
Angular - Chapter 5 - Directives Angular - Chapter 5 - Directives
Angular - Chapter 5 - DirectivesWebStackAcademy
 
Angular - Chapter 4 - Data and Event Handling
Angular - Chapter 4 - Data and Event Handling Angular - Chapter 4 - Data and Event Handling
Angular - Chapter 4 - Data and Event HandlingWebStackAcademy
 
Angular - Chapter 2 - TypeScript Programming
Angular - Chapter 2 - TypeScript Programming Angular - Chapter 2 - TypeScript Programming
Angular - Chapter 2 - TypeScript Programming WebStackAcademy
 
Angular - Chapter 1 - Introduction
Angular - Chapter 1 - Introduction Angular - Chapter 1 - Introduction
Angular - Chapter 1 - IntroductionWebStackAcademy
 
JavaScript - Chapter 10 - Strings and Arrays
JavaScript - Chapter 10 - Strings and Arrays JavaScript - Chapter 10 - Strings and Arrays
JavaScript - Chapter 10 - Strings and ArraysWebStackAcademy
 
JavaScript - Chapter 14 - Form Handling
JavaScript - Chapter 14 - Form Handling JavaScript - Chapter 14 - Form Handling
JavaScript - Chapter 14 - Form Handling WebStackAcademy
 
JavaScript - Chapter 13 - Browser Object Model(BOM)
JavaScript - Chapter 13 - Browser Object Model(BOM)JavaScript - Chapter 13 - Browser Object Model(BOM)
JavaScript - Chapter 13 - Browser Object Model(BOM)WebStackAcademy
 
JavaScript - Chapter 12 - Document Object Model
JavaScript - Chapter 12 - Document Object Model JavaScript - Chapter 12 - Document Object Model
JavaScript - Chapter 12 - Document Object ModelWebStackAcademy
 
JavaScript - Chapter 11 - Events
JavaScript - Chapter 11 - Events JavaScript - Chapter 11 - Events
JavaScript - Chapter 11 - Events WebStackAcademy
 
JavaScript - Chapter 9 - TypeConversion and Regular Expressions
JavaScript - Chapter 9 - TypeConversion and Regular Expressions JavaScript - Chapter 9 - TypeConversion and Regular Expressions
JavaScript - Chapter 9 - TypeConversion and Regular Expressions WebStackAcademy
 
JavaScript - Chapter 8 - Objects
JavaScript - Chapter 8 - Objects JavaScript - Chapter 8 - Objects
JavaScript - Chapter 8 - ObjectsWebStackAcademy
 
JavaScript - Chapter 7 - Advanced Functions
JavaScript - Chapter 7 - Advanced Functions JavaScript - Chapter 7 - Advanced Functions
JavaScript - Chapter 7 - Advanced FunctionsWebStackAcademy
 

More from WebStackAcademy (20)

Webstack Academy - Course Demo Webinar and Placement Journey
Webstack Academy - Course Demo Webinar and Placement JourneyWebstack Academy - Course Demo Webinar and Placement Journey
Webstack Academy - Course Demo Webinar and Placement Journey
 
WSA: Scaling Web Service to Handle Millions of Requests per Second
WSA: Scaling Web Service to Handle Millions of Requests per SecondWSA: Scaling Web Service to Handle Millions of Requests per Second
WSA: Scaling Web Service to Handle Millions of Requests per Second
 
WSA: Course Demo Webinar - Full Stack Developer Course
WSA: Course Demo Webinar - Full Stack Developer CourseWSA: Course Demo Webinar - Full Stack Developer Course
WSA: Course Demo Webinar - Full Stack Developer Course
 
Career Building in AI - Technologies, Trends and Opportunities
Career Building in AI - Technologies, Trends and OpportunitiesCareer Building in AI - Technologies, Trends and Opportunities
Career Building in AI - Technologies, Trends and Opportunities
 
Webstack Academy - Internship Kick Off
Webstack Academy - Internship Kick OffWebstack Academy - Internship Kick Off
Webstack Academy - Internship Kick Off
 
Building Your Online Portfolio
Building Your Online PortfolioBuilding Your Online Portfolio
Building Your Online Portfolio
 
Front-End Developer's Career Roadmap
Front-End Developer's Career RoadmapFront-End Developer's Career Roadmap
Front-End Developer's Career Roadmap
 
Angular - Chapter 6 - Firebase Integration
Angular - Chapter 6 - Firebase IntegrationAngular - Chapter 6 - Firebase Integration
Angular - Chapter 6 - Firebase Integration
 
Angular - Chapter 5 - Directives
Angular - Chapter 5 - Directives Angular - Chapter 5 - Directives
Angular - Chapter 5 - Directives
 
Angular - Chapter 4 - Data and Event Handling
Angular - Chapter 4 - Data and Event Handling Angular - Chapter 4 - Data and Event Handling
Angular - Chapter 4 - Data and Event Handling
 
Angular - Chapter 2 - TypeScript Programming
Angular - Chapter 2 - TypeScript Programming Angular - Chapter 2 - TypeScript Programming
Angular - Chapter 2 - TypeScript Programming
 
Angular - Chapter 1 - Introduction
Angular - Chapter 1 - Introduction Angular - Chapter 1 - Introduction
Angular - Chapter 1 - Introduction
 
JavaScript - Chapter 10 - Strings and Arrays
JavaScript - Chapter 10 - Strings and Arrays JavaScript - Chapter 10 - Strings and Arrays
JavaScript - Chapter 10 - Strings and Arrays
 
JavaScript - Chapter 14 - Form Handling
JavaScript - Chapter 14 - Form Handling JavaScript - Chapter 14 - Form Handling
JavaScript - Chapter 14 - Form Handling
 
JavaScript - Chapter 13 - Browser Object Model(BOM)
JavaScript - Chapter 13 - Browser Object Model(BOM)JavaScript - Chapter 13 - Browser Object Model(BOM)
JavaScript - Chapter 13 - Browser Object Model(BOM)
 
JavaScript - Chapter 12 - Document Object Model
JavaScript - Chapter 12 - Document Object Model JavaScript - Chapter 12 - Document Object Model
JavaScript - Chapter 12 - Document Object Model
 
JavaScript - Chapter 11 - Events
JavaScript - Chapter 11 - Events JavaScript - Chapter 11 - Events
JavaScript - Chapter 11 - Events
 
JavaScript - Chapter 9 - TypeConversion and Regular Expressions
JavaScript - Chapter 9 - TypeConversion and Regular Expressions JavaScript - Chapter 9 - TypeConversion and Regular Expressions
JavaScript - Chapter 9 - TypeConversion and Regular Expressions
 
JavaScript - Chapter 8 - Objects
JavaScript - Chapter 8 - Objects JavaScript - Chapter 8 - Objects
JavaScript - Chapter 8 - Objects
 
JavaScript - Chapter 7 - Advanced Functions
JavaScript - Chapter 7 - Advanced Functions JavaScript - Chapter 7 - Advanced Functions
JavaScript - Chapter 7 - Advanced Functions
 

Recently uploaded

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Recently uploaded (20)

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Angular - Chapter 9 - Authentication and Authorization

  • 3. www.webstackacademy.com Introduction • Authentication is the process of validating a user on the credentials (username and password) and provide access to the web application(ex: Email) • Authorization helps you to control access rights by granting or denying specific permissions to an authenticated user (Ex: User / Manager / Admin). • Authorization is applied after the user is authenticated. Typically users are assigned with rights / permissions based on which appropriate section(s) are loaded in the web application • The user interacts with the server on Authorized sections of the application which results in data exchange. In order to protect security and integrity of data other security components (ex: Encryption) comes into picture
  • 4. www.webstackacademy.com Introduction • Security is an inherent and critical feature of a web application. With rich data available in the web server, any compromise results in bigger issues in socio / political ecosystem • There are many algorithms, standards and tools in security which is quite vast in nature • Our idea is to understand security from Angular Authentication and Authorization perspective by practically implementing them in front-end web applications • We will enhance our understanding of Routes (previous chapter) and display / hide certain components based on the user authorization
  • 5. www.webstackacademy.com JSON Web Tokens (JWT) • JSON Web Token (JWT) is an open standard defined in RFC 7519. • It is a compact and self-contained way for securely transmitting information between parties (ex: Web client and server) as a JSON object. • This information can be verified and trusted because it is digitally signed. • JWTs are signed using a secret (ex: HMAC algorithm) which is only known to client & server • The signed token ensures the data integrity and security
  • 7. www.webstackacademy.com JSON Web Tokens (JWT) – Usage • JWTs are used in web based authorization once the user is successfully authenticated with valid username & password. • Each transaction between the client after authorization are done in a secure manner as the data is encrypted.
  • 8. www.webstackacademy.com JSON Web Tokens (JWT) – Structure • JWT has three parts that are separated by a (.) character • Header, Payload and Signature (ex: xxxx.yyyy.zzzz) • Each of them have a unique meaning and significance • An example JWT will look as follows
  • 9. www.webstackacademy.com JWT - Structure • Part-I (Header): Typically consists of two parts: • Type of the token (ex: jwt) • Hashing algorithm used (ex: HMAC SHA256) • Part-II (Payload): It contains claims. Claims are statements about an entity (typically, the user) and additional data. • Both Header & Payload are encoded using base64 encoding and made as a first and second part of the JWT { "alg": "HS256", "typ": "JWT" } { "sub": "1234567890", "name": "WSA", "admin": true }
  • 10. www.webstackacademy.com JWT - Structure • Part-III (Signature): The signature is nothing but a hash algorithm applied on header and payload • To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that. • For example if you want to use the HMAC SHA256 algorithm, the signature will be created in the following way: HMACSHA256 (base64(header) + "." + base64(payload), secret) • The output is three Base64 encoded strings separated by dots that can be easily passed in HTML and HTTP environments
  • 11. www.webstackacademy.com What is base64 Encoding? – A brief • Base64 converts a string of bytes into a string of ASCII characters so that they can be safely transmitted within HTTP. • When encoding, Base64 will divide the string of bytes into groups of 6 bits and each group will map to one of 64 characters. • In case the input is not clearly divisible in 6 bits, additional zeros are added for padding • Similar to ASCII table a mapping table is maintained
  • 12. www.webstackacademy.com What is HMAC SHA? – A brief • HMAC (Hash Message Authentication Code) - SHA (Secure Hash Algorithm) is a specific type of message authentication code (MAC) • It involves a cryptographic hash function and a secret cryptographic key. The key size can vary (ex: SHA 256) • The secret key is known only to the sender and the receiver • By applying hashing it generates what is known as signature of the given plain text. It can be used for validating the integrity of the message.
  • 13. www.webstackacademy.com Exercise • JWT Debugger tool: • It is used to generate JWT, let us do some hands-on • Goto https://jwt.io/#debugger and try out by generating some JWT • Base64 Encoding tool: • It is used to check base64 encoding, let us do some hands-on • Goto: https://www.base64decode.org and try out some encoding
  • 15. www.webstackacademy.com What is Local Storage? • The Local storage allow to save key/value pairs in a web browser. • The Local storage data will persist after the browser window is closed. • The local storage property is read-only. • Previously, cookies were used for storing such key value pairs. • Local storage has a significantly higher storage limit (5MB vs 4KB), better for storing client specific information
  • 16. www.webstackacademy.com Local storage methods Local storage supports a set of methods for dealing with the data Method Description setItem() Add key and value to local storage getItem() Retrieve a value by the key removeItem() Remove an item by key clear() Clear all storage
  • 17. www.webstackacademy.com Local storage methods usage localStorage.setItem('key', 'value'); localStorage.getItem('key'); localStorage.removeItem('key'); localStorage.clear();
  • 18. www.webstackacademy.comwww.webstackacademy.com Starter Code (A Brief about given code to get started with A & A)
  • 19. www.webstackacademy.com WebStack Academy #83, Farah Towers, 1st Floor, MG Road, Bangalore – 560001 M: +91-809 555 7332 E: training@webstackacademy.com WSA in Social Media: