Oauth 2.0 token based authentication

robinyo · July 27, 2015, 6:38am

And: http://robferguson.org/2015/07/27/authentication-for-ionic-apps/

ebreo · July 27, 2015, 9:05am

send it via query string

nonsense · September 12, 2015, 3:22pm

Could you help me to solve this problem?

Thanks before

esbozos · May 23, 2016, 5:32pm

Hi everyone, i know that this is a old topic, but i was working with some similar issue, but the the real problem is that implement the request for token with client_id and secret_id credentials from angular (or other client side method) is a bad practice. This exposing the app’s oauth credentials and will available from local source (browser console and JS source).

Then the best practice is make that request in server side and implement basic authentication form in your angular app (of course provide a SSL certificate for user send their data is safe way).

On server side depend of your favorite language (PHP, Python, Perl, Ruby, …) and response the token to the angular app with other data that you required.

The basic flow is:

Angular app send user credentials to server “username and password” (Post Method over HTTPS)
Server app get the user credentials and OAuth credentials of your app (ex. twitter app) that are stored in a safe place (not public)
Server app request the token to the authentication system (OAuth provider) and get de Token data.
Server Response to Angular app the user token.
Angular app save the token on localStorage, cookies and use it in Headers request.

Other aspect to consider is that OAuth provider response with a refresh_token, that will be use for renovate a token that is expiring. You should implement a safe method to store that token and use it to refresh the user token.

Is someone need a full example working code, please write me and i will provide the source.

nylex · June 12, 2016, 5:57pm

Please provide the source as that would help all of us. I am trying to implement oauth on ionic2.

nylex · July 9, 2016, 4:06am

Alright this case works, how would a refresh token work, what if a user logs into the application after 3 days and both token and refresh tokens are expired by that, they would want to login again? This never happens to Facebook or Twitter apps so i wonder how they manage refreshing tokens.

anuskaria · August 25, 2017, 11:30am

@aryan7 Can u please share ur correct code with interceptor …

Topic		Replies	Views
Help & Advice: Basic HTTP Authentication for API	7	8257	November 29, 2014
How to make Rest API Basic Authentication with AngularJS? ionic-v1	0	1540	October 15, 2016
Angular post return 401. Oauth2 ionic-v3	0	1141	August 17, 2017
Ionic HTTP Post v. Angular HTTP Post ionic-v1	17	14142	January 27, 2016
Basic Authentication for rest server ionic-v1	3	1450	February 7, 2015

Oauth 2.0 token based authentication

Related topics