授权 - Angular + Spring + wso2
[英]Authorization - Angular + Spring + wso2
问题描述
I've never implemented an application that needed to handle user authentication and authorization.
我从未实现过需要处理用户身份验证和授权的应用程序。
Now I'm trying to implement an app that has a front-end build with angular and a back-end build with spring security.现在,我正在尝试实现一个应用程序,该应用程序具有 angular 的前端构建和 spring 安全性的后端构建。 And I want to user Wso2 identity server as an identity provider.我想将用户 Wso2 身份服务器用作身份提供者。
My doubt is, should i use a library like angular-oauth2-oidc or Asgardeo in the front-end and call the endpoint for the identity server authorization server from here;我的疑问是,我应该在前端使用像 angular-oauth2-oidc 或 Asgardeo 这样的库,并从这里调用身份服务器授权服务器的端点吗? or should I call an api that I should implement in the backend and that api calls the identity server authorization server endpoint and returns to the front-end the access token generated?或者我应该调用我应该在后端实现的 api 并且 api 调用身份服务器授权服务器端点并将生成的访问令牌返回到前端?
1 个解决方案
解决方案1
0 2022-12-05 21:24:50
Use an OIDC client lib for Angular. My favorite is angular-auth-oidc-client .为 Angular 使用 OIDC 客户端库。我最喜欢的是angular-auth-oidc-client 。 It will handle:它将处理:
- redirections to and from authorization-server重定向到和来自授权服务器
- exchange of authorization code for tokens交换令牌的授权代码
- access-token refreshing (silently, just before it expires)访问令牌刷新(静默地,就在它过期之前)
- requests authorization (HTTP interceptor to set authorization header with access-token)请求授权(HTTP 拦截器使用访问令牌设置授权 header)
It also provides with Angular route guard to redirect to login when an unauthorized user tries to activate a protected route.它还提供 Angular 路由保护,以在未经授权的用户尝试激活受保护路由时重定向到登录。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.