Category angular

Securing an Angular app which uses multiple identity providers

Sometimes Angular applications are required to authenticate against multiple identity providers. This blog post shows how to implement an Angular SPA which authenticates using Auth0 for one identity provider and also IdentityServer4 from Duende software as the second. The SPA can logout from both of the identity providers individually and also revoke the refresh token […]

Secure an Angular SPA and an ASP.NET Core API using Auth0

This article shows how to implement an Angular single page application with an ASP.NET Core API and secured using the Open ID Connect code flow with PKCE and OAuth JWT Bearer tokens to protect the API. The identity provider is implemented using Auth0. The flow uses refresh tokens to renew the SPA session and the […]

Implementing OAuth Pushed Authorisation Requests in Angular

This posts shows how an Angular application can be secured using Open ID Connect code flow with PKCE and OAuth Pushed Authorisation Requests using node-oidc-provider as the identity provider. This requires configuration on both the client and the identity provider. Code: par-angular Getting started using Schematics and angular-auth-oidc-client The Angular client is implemented using angular-auth-oidc-client. […]

Using multiple APIs in Angular and ASP.NET Core with Azure AD authentication

This article shows how an Angular application could be used to access many APIs in a secure way. An API is created specifically for the Angular UI and the further APIs can only be access from the trusted backend which is under our control. Code: https://github.com/damienbod/AzureADAuthRazorUiServiceApiCertificate Posts in this series Implement Azure AD Client credentials […]

Angular SPA with an ASP.NET Core API using Azure AD Auth and user access tokens

This post shows how to authenticate an Angular SPA application using Azure AD and consume secure data from an ASP.NET Core API which is protected by Azure AD. Azure AD App registrations are used to configure and setup the authentication and authorization. The Angular application uses the OpenID Connect Code flow with PKCE and the […]

Securing an Angular application using Azure B2C

This article shows how to secure an Angular application using Azure B2C with OpenID Connect Code Flow and PKCE. The silent renew is supported using refresh tokens. Code: Angular Azure B2C History 2021-07-20 Updated to Angular OIDC 12.0.2 Setting up Azure B2C In the Azure portal, create a new App registration in your B2C tenant. […]

Getting started with Angular development 2020

This post shows how you could setup your development environment to create and manage Angular applications. Of course many other tools and ways could be used to develop Angular applications, not just the ones used here, but this setup works great for me. Install Node.js, npm or yarn, git Before you can install the Angular […]

Securing browser based Javascript, Typescript applications

This article should help you in choosing the right security for your browser based Javascript or Typescript applications. You should aim to secure the application as best as possible. The following diagram should help you in making your decision. Also for any of these flows, you should always use HTTPS. Appendix SPA: Single page application […]

Securing Angular applications using the OpenID Connect Code Flow with PKCE

In this post, I show how an Angular application could be secured using the OpenID Connect Code Flow with Proof Key for Code Exchange (PKCE). The Angular application uses the OIDC lib angular-auth-oidc-client. In this example, the src code is used directly, but you could also use the npm package. Here’s an example which uses […]

Using an OData Client with an ASP.NET Core API

The article shows how to implement an OData client from an ASP.NET Core application. Bearer token authorization is used to secure the API. Code: https://github.com/damienbod/AspNetCoreOData This blog is part 2 from this blog: Part 1: OData with ASP.NET Core History 2020-11-22 Updated .NET 5 2020-07-06 Updated .NET Core 3.1, IdentityServer4 4.0.2 Setting up the applications […]