2

I am trying to understand how to implement password reset / forgot implementations using AngularJS (1.x) with Nodejs backend. I've read this great post on the backend part for Nodejs. I then read this SO post related to Angular and UI Router. I then read this SO post, again related to Angular and forgot password.

Tokens

I know for authentication in Angular, it deals with tokens. It seems that there are 2 main ways to create tokens, JWT and passport-jwt. Is one better over the other?

Confused about

Password Reset and Forgot functionality, from what I've read (and hopefully understand), are mostly performed server-side with just a little bit done on client side (what is the little bit?).

What exactly is performed on the client side when it comes to Password Reset and Forgot? What roles does/would AngularJS play in those 2 features? Is it possible to have AngularJS integrated somehow for those 2 features?

Community
  • 1
  • 1
user3125823
  • 1,846
  • 2
  • 18
  • 46

1 Answers1

0

I know for authentication in Angular, it deals with tokens. It seems that there are 2 main ways to create tokens, JWT and passport-jwt. Is one better over the other?

People here will definitely parse your use of the word "better" as it is a highly subjective term. Either way, in my experience, the best implementation is often the simplest one. When I need to wire up some simple authentication, I like to use jwt-simple and tend to think passport can be overkill. The most important thing when implementing authentication when using JSON web tokens is understanding the general concept behind it. It can be a bit confusing at first, but once you "get" it, its really quite straightforward.

What exactly is performed on the client side when it comes to Password Reset and Forgot?

On the client side, the old JSON web token – with the old/forgotten password – would need to be removed and replaced with the new one.

What roles does/would AngularJS play in those 2 features? Is it possible to have AngularJS integrated somehow for those 2 features?

All Angularjs – and really, any frontend code – handles in this process is the replacement of the JSON Web Token on the frontend.

Pytth
  • 4,008
  • 24
  • 29
  • thanks for the quick response! Can I still use AngularJS to render the views for those routes (reset and forgot) as long as I include the token as a url param (i.e. reset/:token)? – user3125823 Mar 08 '17 at 17:32
  • 1
    You can absolutely use angular for this stuff. Though you arguably CAN put the token in the URL, you could also use an Angular `$http.interceptor`, add it to the request header, or even just add it to the request payload. You can just have it such that when the controller of the view is instantiated, it immediately makes a request to the server to grab the info. – Pytth Mar 08 '17 at 17:50
  • No problem. I can't stress it enough to first understand HOW json webtokens work before trying to implement them. It will make your life MUCH easier. – Pytth Mar 08 '17 at 17:57
  • yes thanks for the advice on the HOW. Doing that now. – user3125823 Mar 08 '17 at 18:01
  • "handles in this process is the replacement of the JSON Web Token on the frontend" - do you have a link? – user3125823 Mar 08 '17 at 18:53
  • Sure, its pretty much just using the `localStorage` api. https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage – Pytth Mar 08 '17 at 18:56