
I'm getting started with Angular 4. Now I'm trying authentication with OAuth. If the credentials are right, the server sends the token to the client. Now I save it to localStorage: localStorage.setItem('currentUser', data.access_token);

The AuthGuard checks:

 if (localStorage.getItem('currentUser')) {

Is this secure? Or are there further steps necessary?

HansPeter

1 Answer


This is the right way, but you have to do it the following way.

  1. Get the token when the session starts / login
  2. Use the token to secure routes
  3. Use the token for REST API / HTTP methods
  4. Delete the token when the session ends / logout

Your approach is correct; the steps are just there to mention everything explicitly.

Subtain Ishfaq
  • Thanks for your reply. What happens if the user didn't really log out? The token is in localStorage and the auth guard will pass the user. So where is the place to check if the token is expired? – HansPeter Jul 09 '17 at 21:49
  • Within the route, you add the method canActivate to verify the token – Subtain Ishfaq Jul 10 '17 at 07:15
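Added example, not code from the question or the answer above: a framework-free TypeScript session helper that covers the four steps listed in the answer and the expiry check raised in the comments. It assumes an OAuth 2.0 token response carrying access_token and, optionally, expires_in; when expires_in is absent and the token is a JWT, its exp claim is read instead. Only the 'currentUser' key comes from the question; TokenStore, MemoryStore, AuthSession and EXPIRY_KEY are names introduced here. There are no Angular imports, so it runs as plain TypeScript; in an Angular app the guard's canActivate() and an HttpInterceptor would delegate to AuthSession. Two caveats a practitioner should keep in mind: decoding the JWT in the browser does not verify its signature, so the guard is only a user-experience check and the API must validate the token on every request, and anything kept in localStorage is readable by any script running on the page's origin, so an XSS bug exposes the token.

```typescript
// Added example (not from the question or the answer). Names other than the
// 'currentUser' key are introduced here for illustration.

// The part of window.localStorage we use, so the code also runs under Node.
export interface TokenStore {
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
  removeItem(key: string): void;
}

// In-memory stand-in for localStorage when no browser is available.
export class MemoryStore implements TokenStore {
  private data: Record<string, string> = {};
  getItem(key: string): string | null {
    return Object.prototype.hasOwnProperty.call(this.data, key) ? this.data[key] : null;
  }
  setItem(key: string, value: string): void { this.data[key] = value; }
  removeItem(key: string): void { delete this.data[key]; }
}

export const TOKEN_KEY = 'currentUser';            // key used in the question
export const EXPIRY_KEY = 'currentUser_expiresAt';  // absolute expiry, Unix seconds (added here)

const B64URL = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';

// Decodes base64url (RFC 4648 section 5) without relying on atob or Buffer.
function base64UrlDecode(input: string): string {
  let acc = 0, bits = 0, percentEncoded = '';
  for (const ch of input.replace(/=+$/, '')) {
    const v = B64URL.indexOf(ch);
    if (v < 0) throw new Error('invalid base64url character');
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      const byte = (acc >> bits) & 0xff;
      acc &= (1 << bits) - 1;                       // keep only the leftover bits
      percentEncoded += '%' + ('0' + byte.toString(16)).slice(-2);
    }
  }
  return decodeURIComponent(percentEncoded);        // interprets the bytes as UTF-8
}

// Reads the exp claim of a JWT WITHOUT verifying the signature: the browser has
// no key to verify with, so this is a UX hint only; the API must still validate
// the token on every request.
export function jwtExpiry(token: string): number | null {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(base64UrlDecode(parts[1])) as { exp?: unknown };
    return typeof payload.exp === 'number' ? payload.exp : null;
  } catch (e) {
    return null;                                    // not a JWT, or payload is not JSON
  }
}

const nowSec = (): number => Math.floor(Date.now() / 1000);

export class AuthSession {
  // skewSeconds: treat the token as expired this long before exp, to absorb
  // clock differences between the browser and the server.
  constructor(private readonly store: TokenStore, private readonly skewSeconds = 30) {}

  // Step 1 (login): store the token together with an absolute expiry time.
  login(accessToken: string, expiresIn?: number, now: number = nowSec()): void {
    const expiresAt = expiresIn !== undefined ? now + expiresIn : jwtExpiry(accessToken);
    this.store.setItem(TOKEN_KEY, accessToken);
    if (expiresAt !== null) this.store.setItem(EXPIRY_KEY, String(expiresAt));
    else this.store.removeItem(EXPIRY_KEY);
  }

  // Step 2 (secure routes): what canActivate() should return. Fails closed: no
  // token, unknown expiry or an expired token all deny access, and a stale
  // token is removed so the guard stops passing the user just because a key exists.
  canActivate(now: number = nowSec()): boolean {
    const token = this.store.getItem(TOKEN_KEY);
    const expiresAt = Number(this.store.getItem(EXPIRY_KEY));   // Number(null) is 0
    if (!token || !isFinite(expiresAt) || expiresAt <= 0 || expiresAt - this.skewSeconds <= now) {
      this.logout();
      return false;
    }
    return true;
  }

  // Step 3 (REST calls): Authorization header, or null meaning "send the user
  // back to login" instead of making a request the server will reject anyway.
  authHeaders(now: number = nowSec()): Record<string, string> | null {
    if (!this.canActivate(now)) return null;
    return { Authorization: 'Bearer ' + this.store.getItem(TOKEN_KEY) };
  }

  // Step 4 (logout): remove everything that was stored.
  logout(): void {
    this.store.removeItem(TOKEN_KEY);
    this.store.removeItem(EXPIRY_KEY);
  }
}
```

In the browser, pass window.localStorage as the TokenStore (it already has the three methods). The design choice worth noting is that canActivate() fails closed: a token with no known expiry is treated as unusable rather than trusted forever, which is exactly the case the comment above describes (the user never logged out, the key is still present, the guard keeps passing them).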