9

While building my SPA with AngularJS, I came to the point where I want to implement user authentication in my AngularJS website. However, I have no idea where to start and what the best practices are.

Basically I have a user that can have one or more roles. I've looked for examples so I could get a basic understanding of how to handle this properly, but so far I've only come across examples that are very simple or are not so secure (like this).

So my question is, how do I implement an authentication service using REST (or custom API URLs) to authenticate a user, and then display the user information on the page using AngularJS, while also ensuring best security coverage by using (for example) the CSRF token from Laravel?

Thanks in advance, Nick van der Meij

2 Answers

19

I'm making an AngularJS app and a RESTful API made with Laravel 5 for the backend, and my approach for the authentication was:

  1. Installed jwt-auth. It basically extends the Auth model of Laravel, adding authorization with tokens.
  2. Added a simple role package to Laravel. I used permiso. It has multiple roles/user and permissions/role. Very simple.
  3. Added jStorage to the frontend (you can use an AngularJS module instead).

So the steps are:

  1. The frontend sends the user credentials (email and pass).
  2. The server checks them, jwt-auth makes a token for that user and sends it back.
  3. The frontend saves the token in the browser storage (no CSRF needed with this approach).
  4. All subsequent calls to the API are made with the Authorization: Bearer header (or with ?token=... )
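
The four steps above, seen from the frontend, as an added example that is not part of the original answer: plain JavaScript (Node) standing in for an AngularJS `$http` request interceptor. It goes slightly beyond the answer by attaching the token only for the API's own origin and dropping it once its `exp` claim has passed. `API_ORIGIN`, `TOKEN_KEY`, `memoryStorage` and the sample token are assumptions made up for the illustration.

```javascript
// Client side of the bearer-token flow (runs in Node; no AngularJS needed).
// API_ORIGIN, TOKEN_KEY and the sample token are constructed for illustration.
const API_ORIGIN = 'https://api.example.test';
const TOKEN_KEY = 'jwt';

// Stand-in for window.localStorage / jStorage so the example runs offline.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
    removeItem: (k) => { data.delete(k); },
  };
}

// Decode (not verify) the JWT payload; only the server can check the signature.
function decodePayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch (e) { return null; }
}

// Expired when malformed, missing a numeric exp claim, or exp (epoch seconds) has passed.
function isExpired(token, nowSeconds) {
  const payload = decodePayload(token);
  return !payload || typeof payload.exp !== 'number' || payload.exp <= nowSeconds;
}

// What an $http request interceptor would do with each outgoing request config.
function authorizeRequest(config, storage, nowSeconds) {
  const token = storage.getItem(TOKEN_KEY);
  if (!token) return config;
  // Stale token: remove it so the app falls back to the login step.
  if (isExpired(token, nowSeconds)) { storage.removeItem(TOKEN_KEY); return config; }
  // Never send the token to other origins (CDNs, third-party APIs).
  if (new URL(config.url, API_ORIGIN).origin !== API_ORIGIN) return config;
  const headers = Object.assign({}, config.headers, { Authorization: 'Bearer ' + token });
  return Object.assign({}, config, { headers });
}

// Constructed sample token (header.payload.signature); the signature is a dummy.
function makeSampleToken(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'HS256', typ: 'JWT' }), enc({ sub: 1, exp }), 'sig'].join('.');
}
```

The header form is used here rather than `?token=...` because query strings are commonly recorded in server logs and browser history.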

1 Comment

I want to implement the same format, but I have already implemented the user roles and permissions with the Entrust package. @neoroger, is it possible to implement jwt-auth with Entrust with all user and role permissions running? Any help is much appreciated. Thanks in advance.
8

I like the same approach that @neoroger takes using JSON Web Tokens with jwt-auth. I used the Satellizer package for storing the token on the front end and to send it along with each request to the API afterwards.

I put together a couple tutorials that show how to implement the two packages if you are interested:

https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps

http://ryanchenkie.com/token-based-authentication-for-angularjs-and-laravel-apps/

5 Comments

I just finished reading your 2 articles and it has taught me so much. Love the approach and explanation on how to do it with JWT between Laravel and using Satellizer for Angular. Thank you.
:) I do have a question on how to use the jwt.auth middleware to restrict access on all controllers. I have added that to the comments on that article. Today I was playing around with the tutorial demo and I learnt so much about Laravel and JWT authentication through that. Best tutorial I have read so far - no doubt!
I'm using this tutorial but I can't login.
Completed auth using your tutorial... Now for ACL/roles, will this work with Entrust, or is there any package which supports JWT token authentication?
And I am using MongoDB.
