2

This is the idea of authentication of my system. When user trying to access the dashboard of my system. My system will perform a canActivate method form the AuthGuard to check whether the user bring oauth token together with him.

If the user is not bringing the token together token === null, my system will redirect the user to external authentication server (identity server) login page. Once the user successfully login at the identity server, the identity server will send the JWT token back to the my system.

My question is, how the identity server will send the token back to my system and how my system gonna receive it?

For every tutorial and question that i found when Googled, they are use call the API to perform the authentication. They never redirect the user to other external identity server to perform authentication.

Project flow and problem

enter image description here

I am not hoping someone to write a code for me. Just any article, tutorial, documentation on how to achieve this kind of flow are greatly appreciated.

James Z
  • 12,209
  • 10
  • 24
  • 44
ameruddin jamil
  • 155
  • 4
  • 18

1 Answers1

0

My question is, how the identity server will send the token back to my system and how my system gonna receive it?

It sounds like it depends on the 3rd party authentication service, but typically you can configure the authentication service with a callback URL which it will redirect the user to after successful authentication. Additionally, the auth service may send authentication details (like an auth token) along when it redirects to the callback URL. In this scenario you would configure your app to receive auth details at this callback URL as appropriate.

Again though, this is just a common setup I've seen. Whoever's set up the 3rd party auth service you are using probably has information for what happens post-authentication.

John
  • 9,249
  • 5
  • 44
  • 76
  • Hi @John, thanks for the reply. is there any reference or tutorial that i can refer on how to receive the auth details at the callback URL ? Thank you very much – ameruddin jamil Jan 06 '19 at 15:19
  • is this callback URL is the new angular component ? and the authentication server will go to this component with the authentication details in the header ? – ameruddin jamil Jan 06 '19 at 15:25
  • @ameruddinjamil again, it's going to depend on how the 3rd party authentication service is set up. You'll need to ask them. As an example for a specific company, you can look at the [Auth0 docs for how to integrate the Auth0 service into a web app](https://auth0.com/docs/quickstart/webapp). Other companies will do it differently. Facebook and Google signin APIs are often interacted with solely through javascript using an SDK which handles most of the details for the developer. – John Jan 06 '19 at 18:21
  • The rails Auth0 example involves a callback URL I imagine other examples do as well. – John Jan 06 '19 at 18:24
  • thanks again for the response. i'll take a look deeper into this callback URL and integration of Auth0. one more thing sir, I believe the Oauth2 is the latest version than the Auth0 ? correct me if i am wrong. Should my system be using the Oauth2 ? – ameruddin jamil Jan 07 '19 at 01:35
  • @ameruddinjamil Auth0 is the name of a proprietary company offering authentication services. The similarity in the names was, I imagine, a marketing decision. Oauth2 is a specification. Auth0 is a company name. – John Jan 07 '19 at 01:38