Demonstration of 2 different ways to achieve Authentication in an SPA with a back-end, for instructional purposes.
It contains 2 modules: `AuthCookiesModule` (standard Cookie-based authentication) and `AuthTokensModule` (à la OAuth, no cookies, just access token and refresh token w/ rotation).
In `AppModule`, change the value of `tokensOrCookies` to load either of these 2 modules.
This project does not use OAuth/OIDC to connect with an Authorization Server. The token strategy is a custom solution inspired by OAuth, but it can be less secure.
At least make sure that your server absolutely implements Refresh Token Rotation and Reuse Detection!
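A sketch of what Refresh Token Rotation with Reuse Detection means on the server side. This is an added example, not code from this project or its demo servers; `RefreshTokenStore`, `issue`, `rotate` and the in-memory maps are hypothetical names, and token expiry and hashed persistent storage are left out.

```javascript
// Node.js. CSPRNG source: global Web Crypto where available, else node:crypto.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const newToken = () =>
  Buffer.from(webCrypto.getRandomValues(new Uint8Array(32))).toString('hex');

class RefreshTokenStore {
  constructor() {
    this.tokens = new Map();          // token -> { familyId, userId, used }
    this.revokedFamilies = new Set(); // families killed by reuse detection
  }

  // Login: start a new token family (one family per session/device).
  issue(userId, familyId = newToken()) {
    const token = newToken();
    this.tokens.set(token, { familyId, userId, used: false });
    return token;
  }

  // Refresh endpoint: every refresh token is single-use.
  rotate(presented) {
    const rec = this.tokens.get(presented);
    if (!rec) return { ok: false, reason: 'unknown' };
    if (this.revokedFamilies.has(rec.familyId)) {
      return { ok: false, reason: 'revoked' };
    }
    if (rec.used) {
      // Reuse detection: an already-rotated token came back, so two parties
      // hold tokens from this family. Revoke the whole family, which forces
      // a fresh login for both the legitimate client and the thief.
      this.revokedFamilies.add(rec.familyId);
      return { ok: false, reason: 'reuse' };
    }
    rec.used = true; // rotation: the old token is spent, a successor is issued
    const refreshToken = this.issue(rec.userId, rec.familyId);
    return { ok: true, userId: rec.userId, refreshToken };
  }
}

// Constructed scenario: login, one normal refresh, then a replay of the old token.
function demo() {
  const store = new RefreshTokenStore();
  const t1 = store.issue('alice');
  const first = store.rotate(t1);                  // legitimate refresh
  const replay = store.rotate(t1);                 // spent token presented again
  const after = store.rotate(first.refreshToken);  // successor is now dead too
  const other = store.rotate(store.issue('alice')); // separate session unaffected
  return { first: first.ok, replay: replay.reason, after: after.reason, other: other.ok };
}
```

The successor token being rejected after the replay is the point: the server cannot tell which party is the attacker, so the entire family is invalidated.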
For instructional purposes I've made multiple demos with Node/Express. Feel free to use either of these; they should both work out of the box with this project:
- Use this server if you want to test the Cookie strategy.
- Use this server if you want to test the Tokens strategy.
This project was generated with Angular CLI version 12.0.4.