{"id":2449,"date":"2018-04-10T11:30:33","date_gmt":"2018-04-10T09:30:33","guid":{"rendered":"https:\/\/www.angulararchitects.io\/?p=2449"},"modified":"2018-04-10T11:30:33","modified_gmt":"2018-04-10T09:30:33","slug":"new-library-version-authentication-and-authorization","status":"publish","type":"post","link":"https:\/\/www.angulararchitects.io\/en\/blog\/new-library-version-authentication-and-authorization\/","title":{"rendered":"New Library Version: Authentication And Authorization"},"content":{"rendered":"
\n

In the last days, I've updated my lib
\nthat allows to use OAuth 2 and OpenId Connect (OIDC) together with Angular 2 to
\nimplement modern auth scenarios. In order to align with the new naming
\nconventions (#JustAngular) it is called angular-oauth2-oidc<\/i> <\/span>now. It can be downloaded via npm. <\/span><\/span>Same examples<\/span><\/a><\/span> <\/span><\/span>showing how to use it can be found in
\nthe <\/span><\/span>npm repository<\/span><\/a><\/span>. The next sections describe the new features.<\/span><\/p>\n

<\/b><\/p>\n

Password Flow<\/b><\/h2>\n

<\/o:p><\/span><\/p>\n

The new version not only supports the
\nimplicit flow which redirects the user to the auth server for logging in, but also the password flow. This flow demands the users to enter their credentials into the client. The client in turn can exchange them for an access token. Although this undermines the ideas of OAuth 2 in some way, it is a popular approach for business applications where users don't have a problem with entrusting the client with their passwords.<\/span><\/p>\n

<\/b><\/p>\n

Discovery Document<\/b><\/h2>\n

<\/o:p><\/span><\/p>\n

To simplify the configuration of the library it can now read the discovery document that is described by OIDC.<\/span><\/p>\n

<\/b><\/p>\n

Refresh Tokens<\/b><\/h2>\n

<\/o:p><\/span><\/p>\n

The new version can also use refresh tokens to fetch a new access token, for instance after it expired. Using this approach sliding expiration can be implemented. It is important to note that the implicit flow doesn't allow for refresh tokens by design. Therefore, the lib only supports refresh tokens when using the password flow.<\/span><\/p>\n

<\/b><\/p>\n

Querying the userinfo endpoint<\/b><\/h2>\n

<\/o:p><\/span><\/p>\n

OIDC also defines a userinfo endpoint that returns some information about the current user. As the password flow does not support issuing an identity token, this endpoint can be used instead.<\/span><\/p>\n

\n

Further information<\/h2>\n<\/p>\n

\n