AngularJS - store basic authentication on login

忘掉有多难 2021-01-18 07:35

I'm banging my head on a wall with this - I'm relatively new to working with APIs and have yet to do anything that requires authentication.

I'm stuck with sendin

5 answers
  •  甜味超标
    2021-01-18 08:03

    Currently I am working on a project which deals with the same problem as yours. As well, being new to Angular framework myself, I usually try to find a solution created by others and adapt it to my needs.


    angular-basicauth

    To deal with the basic authorization I have found an Angular module hosted here: https://github.com/iandotkelly/angular-basicauth.

    It describes the configuration clearly, so I am not going to rewrite it all here. I think it serves all the purposes you would require it to. However, when using an already-made solution you have to accept its drawbacks. The one I really do not like is:

    Please note this module stores unencrypted username & password in local-storage or cookies, so is susceptible to attack from code from the same domain

    Since the module I have posted is based on MIT license you are free to grab the source code and play with it as you like. The solution is fairly simple and I believe modifying it is not a big deal. For instance, because I have found the cookie part unacceptable, I do not use cookies at all.

    With this approach you have to modify it so that you keep all the credentials stored in the angular service/factory (i.e. authService) in a variable and read its value when needed.

    On the other hand, this modification brings a certain issue of manual reload of a page. In such a case, since you reinitialize angular states, the user will be asked again to log in to your application. Unfortunately, there is no way (that I know of) that deals with basic-auth and lets you store the credentials safely. And since there is no session you could try to restore, you are basically choosing between unsafe local storage or in-memory variable (which seems safe enough for me).


    warning

    By using basic-authentication you are of course accepting all the limitations it has and obviously the biggest one would be the base64 encoding of your credentials which is easily decipherable. Without using a secured protocol you are actually exposing the user data nearly in the same way as you would be by sending it as plain text.
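
The in-memory approach described in the answer above, as an added example that is not part of the original answer or of angular-basicauth's code. The names `createAuthService`, `createAuthInterceptor` and `decodeBasicHeader` are hypothetical, and `https://api.example.test` is a constructed origin; the interceptor has the `request(config)` shape that AngularJS `$httpProvider.interceptors` accepts.

```javascript
// Added example; all function names here are hypothetical.
// Credentials live only in a closure variable: nothing is written to
// localStorage or cookies, so a page reload forces a new login.
function createAuthService() {
  let header = null;
  return {
    login(username, password) {
      // Basic auth is base64("username:password"): an encoding, not encryption.
      // Buffer is Node; in the browser the equivalent call is btoa().
      const raw = Buffer.from(`${username}:${password}`, 'utf8');
      header = 'Basic ' + raw.toString('base64');
    },
    logout() { header = null; },
    isAuthenticated() { return header !== null; },
    getHeader() { return header; },
  };
}

// Request interceptor: attaches the header only to our own API origin and
// only over TLS, so the decodable credentials never leave on plain HTTP
// or travel to a third-party host.
function createAuthInterceptor(authService, apiOrigin) {
  return {
    request(config) {
      const url = new URL(config.url, apiOrigin);
      if (authService.isAuthenticated() &&
          url.origin === apiOrigin && url.protocol === 'https:') {
        config.headers = Object.assign({}, config.headers,
          { Authorization: authService.getHeader() });
      }
      return config;
    },
  };
}

// Decoding needs no key, which is why the transport must be HTTPS.
function decodeBasicHeader(value) {
  const b64 = value.replace(/^Basic /, '');
  const text = Buffer.from(b64, 'base64').toString('utf8');
  const i = text.indexOf(':'); // the password may itself contain ':'
  return { username: text.slice(0, i), password: text.slice(i + 1) };
}
```

In an AngularJS app the service would be registered with `.factory('authService', ...)` and the interceptor pushed onto `$httpProvider.interceptors`.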
