I'm currently building a frontend client for my own Apigility API. The API uses OAuth 2.0 authentication, which is working fine.

I want to create an AngularJS landing page to let the users authenticate by entering their credentials. Because the client is created with JavaScript, I shouldn't save the client_secret in the client, correct?

I have read a lot of posts, but still haven't found the right solution. Is it correct to use the implicit grant type for this scenario? This procedure is working: I'm redirected to the authentication server, and after the client authorization and entering credentials, I get back to the client (authenticated).

But I don't want to get redirected to another authentication page. Is it also possible to authenticate directly and securely on the AngularJS frontend?

Thanks, Simon

Simon Hagmann
  • You must redirect the user to the authentication service domain. To be secure it needs to be a full-page redirect, rather than an iframe (and many login pages have logic to bust out of an iframe). Yes, implicit grant is what you are looking for – New Dev Jun 22 '15 at 20:40
  • Okay, I have done this. I'm using the AngularJS module oauth-ng. I also set the app to html5mode. Now I have the problem that it doesn't extract the access_token from the URL anymore, so it's not being saved in the local or session storage. How can I solve this? – Simon Hagmann Jun 23 '15 at 14:40

1 Answer

You should take a look at this post I made: https://stackoverflow.com/a/42443878/2963703. It details how to do this using the Spotify API. Your page won't get redirected; instead, a popup window will open in which the user authorizes themselves. Once they're authorized, the window will close itself and in your main page you will have the access token you need.

stackPusher
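
The implicit grant discussed in this thread returns the token in the URL fragment of the redirect, whether that lands in the main page or in a popup. The following is an added example (not from the posts above, and not oauth-ng's code) of parsing that fragment and checking `state` before the token is stored; the function name, the sample fragment, the tolerance for `#/` and `#!/` prefixes, and the assumption that the client sent a `state` value with the authorization request are all illustrative.

```javascript
// Added example: names and sample values are constructed for illustration.

// Parse the fragment the authorization server appends to the redirect URI
// in the OAuth 2.0 implicit grant (RFC 6749, section 4.2.2).
function parseImplicitGrantFragment(hash, expectedState, now = Date.now()) {
  // Assumption: tolerate "#", "#/" and "#!/" prefixes left by client-side routers.
  const raw = String(hash || '').replace(/^#?!?\/?/, '');
  const params = new URLSearchParams(raw);

  // Error responses (section 4.2.2.1) carry "error" instead of a token.
  if (params.has('error')) {
    throw new Error('authorization failed: ' + params.get('error'));
  }

  // The state value must match the one this client generated before the
  // redirect; otherwise the response was not triggered by this session.
  if (!expectedState || params.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }

  const accessToken = params.get('access_token');
  if (!accessToken) {
    throw new Error('no access_token in fragment');
  }
  const tokenType = (params.get('token_type') || '').toLowerCase();
  if (tokenType !== 'bearer') {
    throw new Error('unsupported token_type');
  }

  const expiresIn = Number.parseInt(params.get('expires_in'), 10);
  return {
    accessToken,
    tokenType,
    scope: (params.get('scope') || '').split(' ').filter(Boolean),
    // expires_in is optional; null means the lifetime is unknown.
    expiresAt: Number.isFinite(expiresIn) && expiresIn > 0 ? now + expiresIn * 1000 : null,
  };
}

// Constructed sample redirect fragment (not a real token).
const SAMPLE_HASH =
  '#/access_token=SAMPLE_TOKEN&token_type=Bearer&expires_in=3600&scope=read%20write&state=abc123';
const parsed = parseImplicitGrantFragment(SAMPLE_HASH, 'abc123', 0);
console.log(parsed.accessToken, parsed.scope, parsed.expiresAt);
```

After a successful parse, clearing the fragment from the address bar (for example with `history.replaceState`) keeps the token out of bookmarks and copied links.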