How Authorization Token Works?

Question

I am trying to understand how the Token system works between Web api and Angular JS for the authentication purpose. Please correct me if I am wrong. The token is stored in a database table and add the token manually on our client application to accompany every request we make from the client. Thanks.

Answer 1

If you are new to the web API, i can offer you an advance seed project for web api.

This project will help you with token work logic and many other topics and will allow you to develop applications faster.

Web Api Advance Seed

Answer 2

Most tokens are JSON Web Tokens these days. Introduction to JWTs: https://jwt.io/introduction/.

1. The calling app presents some credentials to the token service and asks for a token for some API
2. Service generates a token with some claims in it that say who the caller is and what permissions they might have on the API
3. Service signs the token with a digital signature (so it can't be modified) and returns it to the calling app
4. Calling app can then attach the token to AJAX requests to the API
5. The API can validate the token by validating the digital signature
6. If the token is valid, the API can get the caller info from the claims in the token

You don't need to store the tokens anywhere on the service side. The signatures allow any service to validate the token without DB calls.

Answer 3

As @dee said it depands upon the approach you are using.The approach you are talking about has following steps

1.Send login request to web api

2.If success Generate a token on server side and store it in db and return as response as well

3.On client side store the token somewhere may be in browser memory

4.Use $http Interceptors to interpt every api request and append the token to headers suppose header name is x-access-token

5.On api side create some custom aurization attribute check the x-access-token header for every request get the token out of it and match it in db