Category : web-development   flask   angularjs   python

We will see how to implement token-based authentication.

Tech stack we will use:

  • Flask (backend API in Python)
  • SQLite (database)
  • AngularJS (frontend in JavaScript)

To implement token-based authentication, we first need to know what a “token” actually is and how the authentication flow works.

What is Token Based Authentication?

The general concept behind a token-based authentication system is simple. Allow users to enter their username and password in order to obtain a token which allows them to fetch a specific resource - without using their username and password. Once their token has been obtained, the user can offer the token - which offers access to a specific resource for a time period - to the remote site. Using some form of authentication: a header, GET or POST request, or a cookie of some kind, the site can then determine what leve

I have an Angular application (SPA) that communicates with a REST API server and I’m interested in finding out the best method to store an access token that is returned from an API server so that the Angular client can use it to authenticate future requests to the API. For security reasons, I would like to store it as a browser session variable so that the token is not persisted after the browser is closed.

How does it work?

1) The client makes a request to the API, providing it with the user's credentials.

2) If this request is successful, the token is stored.

3) HTTP requests are intercepted. If a token is set, it is passed along as a header to the API, and the user data is saved globally.

4) The token is destroyed when the browser/tab is closed.
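
The server side of this flow, as an added example that is not code from this post: a framework-free sketch of what the Flask API has to do, namely issue a time-limited HMAC-signed token at login and validate it on each later request. The `Authorization: Bearer` header, the key, the lifetime, the sample user and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: a real app loads this from config
TOKEN_TTL = 600                       # assumption: token lifetime in seconds
USERS = {"alice": "correct horse"}    # constructed user; real apps store password hashes


def _b64(data):
    return base64.urlsafe_b64encode(data).decode()


def _sign(payload):
    return _b64(hmac.new(SECRET_KEY, payload, hashlib.sha256).digest())


def login(username, password, now=None):
    """Steps 1-2: exchange credentials for a signed token, or None on failure."""
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    now = time.time() if now is None else now
    payload = json.dumps({"sub": username, "exp": int(now) + TOKEN_TTL}).encode()
    return _b64(payload) + "." + _sign(payload)


def authenticate(headers, now=None):
    """Step 3: check 'Authorization: Bearer <token>'; return the username or None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    body, _, sig = token.partition(".")
    if scheme != "Bearer" or not body or not sig:
        return None
    try:
        payload = base64.urlsafe_b64decode(body.encode())
    except ValueError:
        return None
    # Verify the signature before trusting (or even parsing) the payload.
    if not hmac.compare_digest(_sign(payload).encode(), sig.encode()):
        return None
    claims = json.loads(payload)
    now = time.time() if now is None else now
    return claims["sub"] if claims["exp"] > now else None
```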

Building our App (coming soon)

Some references:

- Handling User Authentication with Angular and Flask

- AngularJS authentication with cookies vs tokens

- AngularJS login and registration example

- Token Based Authentication using AngularJS and NodeJS

- Basics of Authentication

- [Secure your AngularJS Application SPA](https://www.slideshare.net/carlo.bonamico/angularjs-security-defend-your-single-page-application)

- [Secure your SPA with Token Based Authentication](https://www.slideshare.net/StefanAchtsnit/securing-single-page-applications-withtoken-based-authentication)