Angular: Guards and Interceptor

 

JWT Token Authentication in Angular: 

Guards and Interceptors

Understanding the Concepts

JWT (JSON Web Token): A compact, URL-safe means of representing claims to be transferred between two parties. In authentication, it's used as a token that proves the user's identity.

AuthGuard: A service in Angular that determines if a route can be activated based on certain conditions (like whether the user is authenticated).

Interceptor: A service that can intercept and modify HTTP requests globally before they are sent to the server.

Why: Purpose of Implementation

  • Security: Protect routes from unauthorized access

  • Efficiency: Automatically attach tokens to outgoing requests

  • Consistency: Centralize authentication logic

  • User Experience: Redirect unauthorized users appropriately

Step-by-Step Implementation

Step 1: Set Up Angular Project


ng new angular-jwt-auth
cd angular-jwt-auth

Step 2: Install Required Packages


npm install @auth0/angular-jwt

Step 3: Create Auth Service

Create auth.service.ts:


import { Injectable } from '@angular/core';

import { Router } from '@angular/router';
@Injectable({
  providedIn: 'root'
})
export class AuthService {
  constructor(private router: Router) {}
  
  // Store JWT token in localStorage
  setToken(token: string): void {
    localStorage.setItem('jwt_token', token);
  }
  
  // Retrieve JWT token from localStorage
  getToken(): string | null {
    return localStorage.getItem('jwt_token');
  }
  
  // Check if user is logged in (token exists and not expired)
  isLoggedIn(): boolean {
    const token = this.getToken();
    if (!token) return false;
    
    // In a real app, you should also check token expiration here
    return true;
  }
  
  // Logout user by removing token
  logout(): void {
    localStorage.removeItem('jwt_token');
    this.router.navigate(['/login']);
  }
}

Step 4: Create Auth Guard

Create auth.guard.ts:

import { Injectable } from '@angular/core';
import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot, Router } from '@angular/router';
import { AuthService } from './auth.service';

@Injectable({
  providedIn: 'root'
})
export class AuthGuard implements CanActivate {
  constructor(
    private authService: AuthService,
    private router: Router
  ) {}

  canActivate(
    next: ActivatedRouteSnapshot,
    state: RouterStateSnapshot
  ): boolean {
    if (this.authService.isLoggedIn()) {
      return true; // Allow access if user is authenticated
    }
    
    // Redirect to login page if not authenticated
    this.router.navigate(['/login'], { queryParams: { returnUrl: state.url } });
    return false;
  }
}

Step 5: Create JWT Interceptor

Create jwt.interceptor.ts:


import { Injectable } from '@angular/core';
import {
  HttpRequest,
  HttpHandler,
  HttpEvent,
  HttpInterceptor
} from '@angular/common/http';
import { Observable } from 'rxjs';
import { AuthService } from './auth.service';

@Injectable()
export class JwtInterceptor implements HttpInterceptor {
  constructor(private authService: AuthService) {}

  intercept(
    request: HttpRequest<unknown>,
    next: HttpHandler
  ): Observable<HttpEvent<unknown>> {
    // Get the token from auth service
    const token = this.authService.getToken();

    // Clone the request and add the authorization header if token exists
    if (token) {
      request = request.clone({
        setHeaders: {
          Authorization: `Bearer ${token}`
        }
      });
    }

    // Pass the cloned request to the next handler
    return next.handle(request);
  }
}

Step 6: Register the Interceptor

In app.module.ts:

import { NgModule } from '@angular/core';
import { BrowserModule } from '@angular/platform-browser';
import { HttpClientModule, HTTP_INTERCEPTORS } from '@angular/common/http';
import { AppRoutingModule } from './app-routing.module';

import { AppComponent } from './app.component';
import { JwtInterceptor } from './jwt.interceptor';

@NgModule({
  declarations: [AppComponent],
  imports: [BrowserModule, HttpClientModule, AppRoutingModule],
  providers: [
    {
      provide: HTTP_INTERCEPTORS,
      useClass: JwtInterceptor,
      multi: true
    }
  ],
  bootstrap: [AppComponent]
})
export class AppModule {}

Step 7: Protect Routes in Routing Module

In app-routing.module.ts:


import { NgModule } from '@angular/core';
import { RouterModule, Routes } from '@angular/router';
import { AuthGuard } from './auth.guard';
import { LoginComponent } from './login/login.component';
import { DashboardComponent } from './dashboard/dashboard.component';
 const routes: Routes = [
 { path: 'login', component: LoginComponent },
 {
 path: 'dashboard',
 component: DashboardComponent,
 canActivate: [AuthGuard] // Protected route
 },
 { path: '', redirectTo: '/dashboard', pathMatch: 'full' }
];
 @NgModule({
 imports: [RouterModule.forRoot(routes)],
 exports: [RouterModule]
})
export class AppRoutingModule {}

Step 8: Implement Login Functionality

In your login component:


import { Component } from '@angular/core';
import { AuthService } from '../auth.service';
import { Router } from '@angular/router';

@Component({
  selector: 'app-login',
  templateUrl: './login.component.html',
  styleUrls: ['./login.component.css']
})
export class LoginComponent {
  constructor(
    private authService: AuthService,
    private router: Router
  ) {}

  login(username: string, password: string): void {
    // In a real app, you would call your authentication API here
    // For demo purposes, we'll just simulate a successful login
    const fakeToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'; // This would come from your API
    
    // Store the token
    this.authService.setToken(fakeToken);
    
    // Redirect to dashboard or returnUrl
    this.router.navigate(['/dashboard']);
  }
}

Step 9: Implement Logout Functionality

In your navbar or wherever you have logout:


logout(): void {
     this.authService.logout();
}

Best Practices

  1. Token Storage: Consider using more secure storage methods than localStorage for production (like HttpOnly cookies)

  2. Token Expiration: Always check token expiration in your AuthService

  3. Refresh Tokens: Implement token refresh mechanism for better UX

  4. Error Handling: Handle 401 unauthorized responses globally

  5. Secure Routes: Protect both frontend and backend routes

Common Issues

  1. Interceptor Not Working: Make sure you've provided it in the AppModule

  2. Route Protection Issues: Verify the guard is properly implemented and added to routes

  3. Token Not Attached: Check if the token exists before cloning the request

  4. CORS Problems: Ensure your backend accepts requests with Authorization header

Comments

Post a Comment

Popular posts from this blog

Interview Tips: Dot NET Framework vs Net CORE

Image
Interview Tips: Dot NET Framework vs Net CORE .NET Framework What :  It's a software development framework created by Microsoft, mainly used for building Windows applications. Why :  It has been around for a long time and is very reliable for building large, complex applications especially for enterprises. How :  You use it to build applications that run exclusively on Windows, making use of a vast array of built-in libraries and features. Why Not :  It can't be used for cross-platform applications, so if you need your application to run on other operating systems like macOS or Linux, .NET Framework isn't the right choice. .NET Core What :  It's a newer, open-source, and cross-platform framework from Microsoft, designed for modern app development. Why :  It's lightweight, high-performance, and can run on multiple operating systems (Windows, macOS, Linux). How :  You use it to build modern, scalable, and quickly deployable applications, especially cloud...
Read more

FREE Webinar: Run Your Own Independent DeepSeek LLM

Image
Faith Infotech Academy, Technopark invites you to an exclusive FREE webinar on "Run Your Own Independent DeepSeek LLM" , where you’ll learn how to deploy and manage DeepSeek LLM effectively. Speaker:  Abhilash Nelson  Trainer & Researcher in AI & Machine Learning  An expert in AI and machine learning, Abhilash will guide you through the process of setting up and running your own independent DeepSeek LLM, empowering you with insights into model deployment, fine-tuning, and real-world applications. What You’ll Learn: ✅ Understanding DeepSeek LLM and its capabilities ✅ Setting up DeepSeek LLM on your own infrastructure ✅ Fine-tuning and optimizing the model for various applications ✅ Use cases and practical demonstrations Key Takeaways: ✅ Mastering DeepSeek LLM for Developers ✅ Boost Your VS Code workflow ✅ Learn to Run DeepSeek locally for AI assistance 📅 Date: 6 February 2025, Thursday 🕒 Time:  10.00 to 11.00 AM 📍 Mode: Online (Webinar link will be shar...
Read more

Delegates and Events

1. What are Delegates in C#? Explain: Delegates are type-safe function pointers. They act as a placeholder for methods that have a specific signature (return type and parameters). Analogy: Imagine a delegate as a contract. It specifies the "shape" of the method it can hold. Any method that fits that shape (same return type and parameters) can be assigned to the delegate. Example: public delegate int MathOperation(int x, int y);  // Define a delegate // Methods that match the delegate signature public int Add(int x, int y) { return x + y; } public int Subtract(int x, int y) { return x - y; } // Use the delegate MathOperation operation = Add; // Assign the Add method to the delegate int result = operation(5, 3); // Call the method through the delegate 2. What are Events in C#? Explain: Events are a mechanism for broadcasting notifications to interested parties (subscribers). They are built upon delegates. Analogy: Imagine an event as a doorbell. When someone presses the d...
Read more