I need to build a Single Page Application based on AngularJS that will retrieve data from a REST API. Those REST services are secured using Basic Auth + HTTPS.
Is there any secure way to provide a user session in a SPA? I mean, without extra components like a Token provider (e.g. OAuthV2). I'm thinking of a login page for authenticating the user's access to the app for a time period, as well as a logout action.
More questions:
1) Basic Auth needs the user credentials on each request. However, the SPA should not store the user credentials for sending them on each request, right? (Is the Local/Session Storage visible in an HTTPS webpage?)
2) Does the browser automatically send the Basic Auth header after authenticating the first request? Then, is there any way to log out?
Many thanks! Sergi
I'd appreciate an expert opinion, but this seems to work:
Unlike Local Storage, the cookie containing the user credentials cannot be read since the communication is secured by HTTPS.
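
An added example, not part of the original posts, relating to question 1 and the cookie remark above: a Basic Auth header decodes straight back to the password, and what decides whether page script can read a cookie is its `HttpOnly` attribute, while `Secure` only restricts it to HTTPS transport. The function names and sample values are constructed for illustration, and the code assumes Node.js (`Buffer`).

```javascript
// Added example (not from the original posts). Function names are hypothetical.

// The header a client sends on every Basic Auth request (RFC 7617).
function basicAuthHeader(user, password) {
  return 'Basic ' + Buffer.from(`${user}:${password}`, 'utf8').toString('base64');
}

// Base64 is an encoding, not encryption: whoever reads a stored header
// (from Local Storage, Session Storage or a cookie) recovers the password.
function decodeBasicAuth(header) {
  const m = /^Basic\s+([A-Za-z0-9+/=]+)$/i.exec(header);
  if (!m) return null;
  const text = Buffer.from(m[1], 'base64').toString('utf8');
  const i = text.indexOf(':'); // the user-id cannot contain ':', the password may
  return i < 0 ? null : { user: text.slice(0, i), password: text.slice(i + 1) };
}

// Parse one Set-Cookie value and report who can see the cookie.
function auditSetCookie(setCookie) {
  const [pair, ...attrs] = setCookie.split(';').map(s => s.trim());
  const flags = new Map(attrs.filter(Boolean).map(a => {
    const [k, ...v] = a.split('=');
    return [k.trim().toLowerCase(), v.join('=').trim()];
  }));
  const findings = [];
  if (!flags.has('secure')) findings.push('no Secure: also sent over plain HTTP');
  if (!flags.has('httponly')) findings.push('no HttpOnly: readable via document.cookie');
  const sameSite = (flags.get('samesite') || '').toLowerCase();
  if (sameSite !== 'strict' && sameSite !== 'lax') {
    findings.push('no explicit SameSite=Lax/Strict');
  }
  return {
    name: pair.slice(0, pair.indexOf('=')),
    readableByScript: !flags.has('httponly'),
    findings,
  };
}

// Constructed sample values, not taken from any real system.
const stored = basicAuthHeader('demo', 'p:ssw0rd');
console.log(decodeBasicAuth(stored)); // the password comes back in clear
console.log(auditSetCookie(`auth=${stored.slice(6)}; Path=/; Secure`));
console.log(auditSetCookie('sid=opaque123; Path=/; Secure; HttpOnly; SameSite=Strict'));
```
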