Implementation of user authentication in Angular app means that application's javascript must be available to user before he is authenticated. That is the problem. What is the correct way to make this happen with Angular? Do I need to implement a separate app for authentication and then redirect users to the base app?
2
-
Looks like XY problem. What are trying to achieve?Vidul– Vidul2015-08-02 19:22:03 +00:00Commented Aug 2, 2015 at 19:22
-
The goal is to prevent an access to my module's source files. Even minified they can be analyzed. It looks for me like a security vulnerability. I do not want my app's backend API endpoints to be compromised. If we request user credentials directly in the Angular app -> this app is already started and all sources are available to user -> the problem described above. If we make two separate Angular apps - > the question is how to transfer authentication state between them.Daniil Petrov– Daniil Petrov2015-08-03 05:19:01 +00:00Commented Aug 3, 2015 at 5:19
Add a comment
|
1 Answer
Authentication should be on server level. The angular app should be responsible for only the capturing of credentials, possibly encrypting it, and sending an authentication request to the server with those credentials. The server response(possibly a token) could be used for any further communications with the server to identify the logged in user and its available services.
If the application itself does not contain any private business logic, I don't see value in keeping the application away from the end user even before authentication. On that note, however, take a look at tasks that are used to minify javascript code. This may be second best :)
Comments
