best practice for authentication and token in angular 4/5

Question

I'm working on Angular app and now I need to implement authentication. My app is hosted on AWS S3 bucket, I use a postgreSQL on AWS RDS and to read data from the database I use php functions hosted on AWS EC2.

At the moment I'm struggling with what authentication method I implement and I'm looking for a simple but efficient tutorial with my architecture.

I need token to verify the origin of the calls.

Which authentication method is best for my use and integrates better?

I've read about these possibilities: jwt, amazon cognito and auth0 but I'm not able to decide because I'm pretty new to angular. Along with the answer, can you link me to the best tutorial? thank you

Answer 1

Just like you I have tried various authentication methods And finally ended up with Auth0. Auth0 Provides the easy way of integrating the authentication and its free as well.

https://manage.auth0.com/#/

1. just signup for the acccount
2. Create client
3. Follow the Angular 2+ instructions

For your convenience, I have implemented the Auth0 in Angular5 project. https://github.com/ragavanrajan/expenseTracker

please follow the readme ( especially first steps) before you serve it.

Answer 2

If you do not go into the complexities of multifactor authentication or authentication with Google or Facebook credentials, the simplest authentication mechanism is based on the idea put forward in the "Resource Owner Password Credentials Grant" of the OAuth 2.0 specification.

At a high level, how it works has been outlined here in this StackOverflow answer: https://stackoverflow.com/a/41650550/1235935

From the Angular perspective, the handling of the API calls would look like the code shared in the following StackOverflow answer:

https://stackoverflow.com/a/47969120/1235935

Depending on the technology and platform you use in the back-end, the code may need some change. However, more or less the idea will remain the same.