单页应用程序(SPA - Angular)和身份验证最佳实践?
[英]Single Page App (SPA--Angular) and Authentication Best Practices?
问题描述
We are investigating the best ways to integrate standard authentication (login) with our Angular SPA. 
我们正在研究将标准认证(登录)与我们的Angular SPA集成的最佳方法。 We have come across two patterns (see below) and would like to see which is perceived as a 'better' architecture to integrate authentication into our Angular website. 我们遇到了两种模式(见下文),并希望看到哪种被认为是一种“更好”的架构,可以将身份验证集成到我们的Angular网站中。
PATTERN 1--KEEP LOGIN SEPARATE from the SPA (see here ): In this pattern the login process is done outside of the SPA (separate page load) and once user is authenticated they are redirected to the SPA (another page load). 模式1 - 保持与SPA的分离(参见此处 ):在此模式中,登录过程在SPA之外完成(单独的页面加载),一旦用户通过身份验证,它们将被重定向到SPA(另一个页面加载)。
PATTERN 2--INTEGRATE LOGIN INTO SPA (see here and here ): In this pattern, the authentication process is within the SPA and login state is managed through the Angular router and services. 模式2 - 集成登录到SPA(参见此处和此处 ):在此模式中,身份验证过程在SPA中,登录状态通过Angular路由器和服务进行管理。
We are leaning towards PATTERN 2, however we would like to hear from the SO community what your thoughts are and how you compare these two patterns. 我们倾向于PATTERN 2,但是我们希望从SO社区中听到您的想法是什么,以及您如何比较这两种模式。
Thank you! 谢谢!
1 个解决方案
解决方案1
6 2014-04-22 08:47:14
I was considering the same a few months back and finally decided to go with the login inside the SPA solution. 几个月前我正在考虑同样的事情,最后决定在SPA解决方案中登录。
I think the determining factor for deciding between the two approaches is if you would mind loading the full application before a user is logged in. 我认为决定两种方法之间的决定因素是,如果您想在用户登录之前加载完整的应用程序。
If the login is part of the SPA then the bootstrapping will have taken place before the login is presented to the user. 如果登录是SPA的一部分,则在向用户显示登录之前将进行引导。 This has two disadvantages. 这有两个缺点。 First you load a lot of js, css etc that you might not even need upfront. 首先你加载了许多你甚至可能不需要的js,css等。 Secondly you give unauthorized users access to your code. 其次,您授权未经授权的用户访问您的代码。 I consider both to be minor issues as they can both be addressed but still there to consider. 我认为两者都是小问题,因为它们都可以解决但仍有待考虑。
If the login is separate from the SPA, it gives you a maintenance overhead since you have to maintain something outside your application and also requires integration with your app (eg theming, logos, fonts etc). 如果登录与SPA分开,则会给您带来维护开销,因为您必须维护应用程序之外的某些内容,并且还需要与您的应用程序集成(例如主题,徽标,字体等)。 But then again, Gmail is doing it :P 但话说回来,Gmail正在这样做:P
I do not know what server technology you are using, but google's presentation from ng-conf offers some great solution to the above problem (unfortunately I had already implemented my solution when this came out) 我不知道你使用的是什么服务器技术,但是来自ng-conf的google演示文稿为上述问题提供了一些很好的解决方案(不幸的是,我已经实现了我的解决方案)
https://docs.google.com/file/d/0B4F6Csor-S1cNThqekp4NUZCSmc/edit (slide 9 ownwards) https://docs.google.com/file/d/0B4F6Csor-S1cNThqekp4NUZCSmc/edit (幻灯片9自己)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.