JSON Web Token(JWT) is an industry standard for security tokens used to securely transmit information between client and server as JSON objects.It provides a solution to the problem of passing claims between parties. In this post we will create an Angular interceptor to introspect JWT tokens.
Creating API’s has a certain rigor to it right from the design phase which is different from a UI based Web application. One of the areas where this is very apparent is communicating exceptions to the client. In a web application exception are communicated to the client using the UI with the most common being a 404 page. This page has been elevated to an art form now. The image below is a 404 page on Pixar’s website. ...
OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol. OpenID Connect is all about authentication while OAuth is an authorization protocol. In OAuth, authorization is delegated while in OpenID Connect, authentication is delegated. OpenID Connect allows clients to verify end users based on the authentication performed by an auth server. It is also used to obtain basic profile information about the end user in a standards-based, interoperable and REST-like manner. OpenID Connect provides a standard way to obtain user identity.A central part of the OpenID Connect specification is the ID Token. It provides an identity token with information about the user. It also defines an endpoint to get identity information for that user, such as their name or e-mail address. This endpoint is called the user info endpoint. The identity token is a simple JWT token signed by the OpenID provider(OP) through OAuth protocol to suit web, mobile, and browser-based applications.The Identity token is encoded into the base 64 URL-safe string that contains information such as subject (sub), issuing authority (iss), audience (aud), and more. It may also contain some extra information about the user or custom claims in a set of scopes. As OpenID Connect is built on top of the Oauth2 protocol, the flows are the same. It can be used with the authorization code grant and the implicit grant. It’s not possible with the client credentials grant, as the client credentials grant is for server-to-server communication.As part of the oAuth flow, Instead of only requesting an access token, we can request an additional ID token from the security token service (STS) that implements the OpenID Connect specification. The client receives an ID token, and usually, also an access token. The ID token is kept small with the minimal information in it. To get more information for the authenticated user, the client can then send a request to the user info endpoint with the access token. This user info endpoint will then return the claims about the new user. ...
JSON Web Token(JWT) is an industry standard for security tokens used to securely transmit information between client and server as JSON objects.It provides a solution to the problem of passing claims between parties. In this post we will be implementing a JWT token server which will serve tokens to users with the appropriate credentials.
JSON Web Token(JWT) is an industry standard for security tokens used to securely transmit information between client and server as JSON objects.It provides a solution to the problem of passing claims between parties.
HTTP & HTTP/2 are both application level protocols that utilize a lower level protocol like TCP to talk on the Internet. The protocol of the Internet is TCP over IP over Ethernet.
In the world of Microservices, the prevalence of REST API’s has made client-side developers depend on them for even the smallest of applications. If you want to develop a Weather app, you better know how to connect to one of the Weather API’s. If you want to develop a stock ticker you better know how to connect to a stock ticker API. In the world of Angular 5 connecting to API’s requires developers to understand RxJs, Observables in particular. The new @common/http module provides all the functionality required to connect to an API. we can further make it reactive using observables and the corresponding operators from the Rxjs Libraries. A simple Angular service generally allows us to perform common HTTP actions ( Get, Post, Put, Delete ) and some uncommonly used actions such as Head and Patch. I generally follow the below pattern when I create an angular service. ...
One of the most common tasks in software development is to define specific environments and manage them to develop, test, promote and deploy code. This is essential to use different values for various resources such as API’s or databases in different environments. For e.g. you may use a low powered SQL Lite instance for local development but use a large instance in staging and production. Similarly, you may use a local instance of an API in development and a different instance in production. Generally, frameworks provide environment management patterns to enable switching resources based on the environment. ...
VS code is a nice IDE for typescript projects and is actually the fastest growing javascript and angular IDE. When working on typescript projects some of us do not like the explorer to be polluted with the transpiled js and the js.map files. Luckily VScode allows us to hide the js files from the explorer using workspace settings. To do this open workspace settings from File –> Preferences –> Settings. Click on the drop down box to select Workspace Settings. ...
During a design session a few folks in my team had questions on using a static class vs a class with static methods. We hit upon this when designing utility classes and extension methods.During the course of this discussion some of us were surprised about what I felt was basic knowledge and I was also caught out on a few which led me to documenting this down below. Static Class Marking a class as static means that a compile time check will be conducted to ensure that all members of the class are static. Since the CLR does not have a notion of static, marking a class as static translates it to an abstract sealed class. ( conversly you cannot mark a static class as abstract) Static classes always inhert from Object and you cannot have it derive from another class. You cannot inherit from a static class. Static classes cannot implement an interface. You cannot obviously instantiate a static class. It cannot have constructors and the compiler also does not create a default parameterless constructor. Defining extensions in C# requires us to implement the static extension methods in a static class. There is a minor performance gain to using static methods as documented in this code analysis performance tip. The performance gain is due to the fact that instance methods always use the this instance pointer as the first parameter which is a small overhead. Instance methods also implement the callvirt instruction in IL which also leads to a very small overhead. Non Static Class A non-static class can have static members. ( both methods and fields ). You can create an instance of a Non static class with static methods. Factory pattern is an example of a Non Static class implementing a static method to control object instatiation. Microsoft docs has an article on this topic here . ...