Reputation: 25790
Spring OAuth2 and authentication/authorizatiuon in AngularJS application
I have implemented Spring Boot back-end application with RESTful web services secured by OAuth2.
Right now I'm working on my client-side application which should be written in AngularJS.
During the developing back-end application in order to authenticate/authorize user previously for tests I used following command(for example with curl):
curl -X POST -vu clientapp:123456 http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=password1&username=username1&grant_type=password&scope=read%20write&client_secret=123456&client_id=clientapp"
Right now I'm thinking on the approach for user authentication/authorization from client side (from AngularJS application).
I don't think it is safe to place somewhere at client side(internet browser) information like client_secret and client_id. Am I correct ? If so, could you please tell me the correct approach how the user can be authenticated with my OAuth2 and AngularJS without security violation.
Upvotes: 1
Views: 186
Answers (1)
Reputation: 120781
OAuth 2.0 support different Grant-Types (sometimes called "flows"). OAuth has a special Grant-Type for your use case: implicit grant - it works without client secret.
Upvotes: 1
Related Questions
- spring-security-oauth2-authorization-server + angular-auth-oidc-client
- spring-authorization-server and OpenId Connect and angular-oauth2-oidc
- Spring OAuth 2.0 Client returns 401 Unauthorized after entering correct credentials
- OAuth2 with Angular and reactive Spring Security
- How to handle an External OAuth2 auth with Spring Boot + Angular
- Angular 4/5 + Spring Boot + Oauth2 support
- How to connect angular 2 application with spring-oauth2 server?
- SOA Spring Angular2 OAuth2 Security
- Spring Security OAUTH2 getting token with username/password
- Angular JS + Node JS + Passport + Spring OAuth2 Authentication/Authorization