Search Posts

Category: jwt

AngularJS token authentication with sliding expiration in state transitions with ui-router version 1.x

In our application we have a requirement that user should be logged in for a certain amount of time which is configurable by system admin, say 10 minutes. We have another requirement that the when user navigates to different parts of the app, this time should be refreshed and set back to that configured amount. Our application is written in AngularJS and we use ui-router for routing, So when user navigates between different states, time […]

AngularJS SPA needs to reload to recognize the jwt token in localstorage

how to AngularJS SPA needs to reload to recognize the jwt token in localstorage everything good ? Today I need your help to solve a token authentication problem (jwt) in my SPA AngularJS application (I use NodeJS in the backend). When I log in, the credentials are validated in the backend and if I succeed I get a token that is stored in localstorage. But when I start making my requests to the protected endpoints […]

Problems combinding JWT Bearer Authenticating Web API with Asp.Net Core 2.0

I have the following setup: Web API with JWT Bearer Auth Asp.Net Core 2.0 MVC handling identities and providing views AngularJS – client Angular is requesting JWT token and passing it on subsequents http requests. AJAX calls are working fine. The problem is if I request an MVC action with [Authorize] through my browser, that token is obviously not validated, because there is no cookie and no auth header. How would I go about implementing […]

Securing REST + AngularJS with JWT or OAuthv2

I’m pretty new to REST security and am trying to build an AngularJS (Angular 1) app that integrates against a RESTful web service as its backend. This web service will be how the app (frontend) fetches and writes all data. The app will initially be the REST service’s only client, but eventually I’d like to open the service up as an exposed public API, not only used/consumed by my Angular app. I’m trying to figure […]

How to specify response headers to CORS?

I am building a backend REST API in spring and my friend is building a Angular JS front end app to call my API.I have a token header with key Authorization and a value which gives access to the service otherwise it refuses.From Postman and REST client I am able to receive the API but when tested he says he gets 401 Unauthorized Error on preflight.Below is my doFilterInternal method. protected void doFilterInternal(HttpServletRequest request, HttpServletResponse […]

Wait for authentication response from server before executing any Angularjs app

I have an AngularJS app (bootstrapped using ng-admin) contained within an admin backend where initial login to it is handled via LDAP. When the Angular app loads for the first time, it needs to make an API call (using Restangular) to the server to fetch a token plus derive a separate API url to use. Once the token is returned, it’s stored in localStorage and then passed to all subsequent API calls. Because I’m not […]

Is it bad security to save jwt in cookie to pass it to local storage?

In order to get my twitter sign in to work with jwt sessions and angularjs, I have created a jwt with twitter username and display name, passed it as a cookie and saved it to local storage. Here’s some relevant code: Log in users and save cookie: app.get(‘/login/twitter’, passport.authenticate(‘twitter’)); app.get(‘/login/twitter/callback’, function(req, res) { passport.authenticate(‘twitter’ , {session: false} , function(err, user, info) { if(err) { console.log(err); } var token; token = user.generateTwitterJwt(); // res.status(200); // res.json({ […]

Cors configuration not working spring boot + angular [duplicate]

This question already has an answer here: Response header is present in browser but not parsed by Angular $http response.headers() 2 answers i’m trying to get authentication token from header “autherntication” using angular, but when i use “console.log(response.headers()); i got only 1) cache-control 2) expires 3) pragma in dev tools there are all headers, i tried a log of filters but nothing working 🙁 , thanks for any help ! Fragment of Web configuration @Override […]