Yesterday, I delivered a session at Techorama, Belgium’s leading IT dev conference.
The session was named “Angular, OAuth2 and OpenID Connect, Heaven or Hell?”, and in the session I covered how you can secure your Angular application with OIDC. It includes information on how to integrate the correct flow (Implicit), with the help of IdentityServer & the OIDC Token Manager, how to work with identity-related information on the client, and how to achieve long-lived access.
A short description of the session:
A lot of applications these days are built with Angular, talking to an API. But how do you secure something like that? Which parts CAN you secure – i.e.: what makes sense? And is that simple custom token endpoint used for authorization really sufficient (note: probably not)? Learn how you can correctly use OAuth2 & OpenID Connect from an Angular application. We’ll look into what you should use, what the risks are, how to implement support for this, and – very important – what NOT to do. After this session, authorization & authentication for your Angular applications using OAuth2 & OpenID Connect should have no more secrets for you.
Feel free to download the slidedeck or have a look at the demo code over on my GitHub.