current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Dismiss
Announcing Stack Overflow Documentation

We started with Q&A. Technical documentation is next, and we need your help.

Whether you're a beginner or an experienced developer, you can contribute.

Sign up and start helping → Learn more about Documentation →
up vote 8 down vote favorite
4

While building my SPA with angularJS, i came to the point where i want to implement user authentication in my angularJS website. However, i have no idea where to start and what the best practices are.

Basically i have a sure that can have one or more roles. I've looked for examples so i could get a basic understanding of how to handle this properly, but so far i've only came across examples that are very simple or are not so secure (like this).

So my question is, how to I implement a authentication service using REST (or custom API urls) to authenticate a user, and then display the user information on the page using angularJS, while also ensuring best security coverage by using (for example) the csrf token from Laravel?

Thanks in advance, Nick van der Meij

share|improve this question
up vote 17 down vote accepted

I'm making an AngularJS app and an API RESTful made with Laravel 5 for the backend, and my approach for the authentication was:

  1. Installed jwt-auth. Basically extends the Auth model of Laravel adding authorization with tokens.
  2. Added simple role package to laravel. I used permiso. Has multiple roles/user and permissions/role. Very simple.
  3. Added jStorage to frontend. (you can use AngularJS module instead).

So the steps are:

  1. Frontend send user credentials (email and pass).
  2. Server checks, jwt-auth makes a token to that user and send it backs.
  3. Frontend save the token on the browser storage (no csrf needed with this approach).
  4. All next calls to the API are made with Authorization: Bearer header (or with ?token=... )
share|improve this answer
    
I want to implement the same format, but I have already implemented the user roles and permissions by Entrust package. @neoroger is it possible to implement the jwt-auth with Entrust with all user and role permission running? any help is much appreciated? thnx in advance. – Tarunn Jun 1 '15 at 14:11
up vote 8 down vote

I like the same approach that @neoroger takes using JSON Web Tokens with jwt-auth. I used the Satellizer package for storing the token on the front end and to send it along with each request to the API afterwards.

I put together a couple tutorials that show how to implement the two packages if you are interested:

https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps

http://ryanchenkie.com/token-based-authentication-for-angularjs-and-laravel-apps/

share|improve this answer
    
I just finished reading your 2 articles and it has taught me so much. Love the approach and explanation on how to do it with JWT between Laravel and using Satellizer for Angular. Thank you. – Neel Jul 3 '15 at 18:37
1  
Awesome! Glad to help. – cienki Jul 4 '15 at 19:40
1  
:) I do have a question on how to use jwt.auth middleware to restrict access on all controllers. I have added that to the comments on that article. Today I was playing around the tutorial demo and I learnt so much about laravel and jwt authentication through that. Best tutorial I have read so far - no doubt! – Neel Jul 4 '15 at 19:46
    
Thanks @blackops_programmer ! – cienki Jul 5 '15 at 23:20
    
I'm using this tutorial but I can't login. – sakarya Jul 26 '15 at 22:21

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.