How to build a user authentication workflow with AngularJS using RESTful module?

by Adam S   Last Updated January 11, 2019 09:07 AM - source

I'm building a single page app with AngularJS and Drupal as the backend. I'm using the RESTful module. However, I do not have much to go on to build a user authentication workflow.

There are several techniques to authenticate users with a SPA. For example, storing session information in a cookie or in a token. In order to keep a persistent authentication with a token, AngularJS stores the token in local storage. I've been reading that this causes security risks because other scripts are able to access local storage.

Also, RESTful comes with a token authentication module which stores tokens on the server.

The first question is which form of persistent authentication to use? Do I have to completely make the SPA headless Drupal? If the app is headless, using token authentication, do I have to completely remove all the out of box user authentication workflow, for example, resetting a user's password, from the app? Is there a hybrid solution? If the information is being consumed and altered by mobile apps and other non standard means, is using cookie authentication out of the question? If that is the case, on a desktop app, how do I prevent users from accessing user URIs? Basically, I have no clue what is going on and there isn't much information about secure solutions.

Tags : 8 services users

Answers 1

Do headless means no layout and block display at all ? i believe u can leave CAS drupal module do the job ( and a connection menu )

December 07, 2015 13:19 PM

Related Questions

Register a user through URL in drupal 8

Updated March 29, 2017 16:07 PM

GET list of all roles on Drupal 8 via REST

Updated July 02, 2018 15:07 PM

Missing required argument name in login

Updated August 17, 2016 08:04 AM

Services Module Unable To Update User Fields

Updated September 27, 2016 09:03 AM