I am not really into authentication mechanisms, so I have trouble figuring out how to design an authentication mechanism with an Angular front-end and a Play Framework (Java) back-end. The basic idea is this:
Ideally I would like to use a CSRF token. I have found very few sources about integrating Angular and Play authentication, and none of them was complete enough to implement it in my app. Of course there are many sources about integrating JavaScript and Play authentication, but this is quite a different case.
So my question is how to design that, what frameworks / functionality to use to make it work, and how to integrate Angular and Play in that area. General steps to achieve that would be sufficient, i.e.: use that authentication framework in Play, implement that functionality in Play, use those methods in Angular, connect everything in that way, etc. Of course, more specific instructions are also welcome. Last thing, I want to store password hashes in the database; any tips on how to hash them (any Play mechanisms or other frameworks) would also help.
You can use something like JWT to create a token and give it to your Angular app. Basically the flow would be something like this:
Note that you may want to store those tokens (e.g. in a database) if you want to implement something like a token blacklist or auto-renewal of the tokens...
Other options are to generate some kind of token yourself (e.g. a base64 random string) and store it in a database with the associated info you may need (expiration date, etc.), or even just set a cookie in Play and let your app use it (you probably can't directly use the default Play cookie in Angular because it is HTTP only).
Regarding password hashing, you can use whatever Scala/Java library, but you should choose something secure. Usually I use BCrypt, but there are a lot of other options (scrypt, PBKDF2, etc.).
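As an added example (not part of the original answer and not Play's own API), here is a sketch in plain JDK Java of two pieces the answer mentions: salted PBKDF2 password hashing, and a random opaque token stored server-side with an expiry. The class name `AuthSketch`, the in-memory map standing in for the database table, the iteration count and the sample values are assumptions.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class AuthSketch { // hypothetical name; records need Java 16+
    record Session(String user, Instant expires) {}
    static final SecureRandom RNG = new SecureRandom();
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    static final int ITERATIONS = 600_000; // assumed work factor, tune for your hardware
    // Stand-in for the database table: SHA-256(token) -> session row
    static final Map<String, Session> SESSIONS = new ConcurrentHashMap<>();
    static byte[] pbkdf2(char[] pw, byte[] salt, int iter) throws Exception {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pw, salt, iter, 256)).getEncoded();
    }
    static String hashPassword(char[] pw) throws Exception { // "iterations:salt:hash"
        byte[] salt = new byte[16];
        RNG.nextBytes(salt); // fresh random salt per password
        return ITERATIONS + ":" + B64.encodeToString(salt) + ":" + B64.encodeToString(pbkdf2(pw, salt, ITERATIONS));
    }
    static boolean verifyPassword(char[] pw, String stored) throws Exception {
        String[] p = stored.split(":");
        byte[] actual = pbkdf2(pw, Base64.getUrlDecoder().decode(p[1]), Integer.parseInt(p[0]));
        return MessageDigest.isEqual(Base64.getUrlDecoder().decode(p[2]), actual); // constant-time
    }
    static String key(String token) throws Exception { // only the token's hash is stored
        return B64.encodeToString(MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8)));
    }
    static String issueToken(String user, long ttlSeconds) throws Exception {
        byte[] raw = new byte[32]; // 256-bit opaque token for the Angular client
        RNG.nextBytes(raw);
        String token = B64.encodeToString(raw);
        SESSIONS.put(key(token), new Session(user, Instant.now().plusSeconds(ttlSeconds)));
        return token;
    }
    static String userFor(String token) throws Exception { // null if unknown, revoked or expired
        Session s = SESSIONS.get(key(token));
        return (s != null && Instant.now().isBefore(s.expires())) ? s.user() : null;
    }
    public static void main(String[] args) throws Exception {
        String stored = hashPassword("correct horse".toCharArray()); // constructed sample password
        System.out.println(verifyPassword("correct horse".toCharArray(), stored));
        String token = issueToken("alice", 900); // constructed user, 15-minute lifetime
        System.out.println(userFor(token) + " / " + userFor("forged"));
    }
}
```

Deleting a row from the session store revokes that token immediately, which is the server-side control the answer's note about storing tokens refers to.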