
Best Way For Token Validation in Angular


In a web app developed with AngularJS which uses token validation for authentication purposes, what's the best way to do this validation? For example:

  1. Validate the token every time I have a route transition. For this I have to make a REST call every time I want to validate.
  2. Validate the token just one time, with one REST call, and then store the token in local storage. (The token itself just has a boolean telling if it is authenticated or not.)

My concern is to not make a REST call on every route transition, I don't want to consume that much HTTP traffic. But, if there isn't another way, I will do that.


Solution

  • If we look into what a JSON Web Token (JWT) is (although you're not specifically referring to JWT, but simply to "token"), you will realize that once you have a JWT you do not need to validate it every time you make a transition in the client app (Angular). This is because JWTs are usually signed, so the server can be sure the senders (in this case the Angular app) are who they say they are when they make a request.

    What you need to do is to send the JWT on every request in a header to the API server every time you try to consume a resource. The server is in charge of checking that you are sending a valid JWT and to assign the proper permissions to that request in order to get access to the resources.

    Concluding (and answering your questions)

    1. Validate the token every time I have a route transition. For this I have to make a REST call every time I want to validate.

    No, this is useless, since the given token is already signed by the server. If the token is manipulated in the client in any way the resource server will know it and will answer with the proper HTTP Status Code (usually a 401 HTTP Status).

    What you can do is, in case the server responds with a 401, use a refresh token (if the server provides one) in order to get a new access token and use it again on every request. This way the final user will never know what's going on behind the scenes (and won't see a login form again) because you won't ask him/her for the username and password again.

    2. Validate the token just one time, with one REST call, and then store the token in local storage. (The token itself just has a boolean telling if it is authenticated or not.)

    This is a correct approach (and used by most people); this way you do not overload the traffic with unnecessary requests. Actually, when you get the access token, you do not need to validate it because, as I said before, the token itself is self-contained (it contains all the required information about the user and other necessary data the token provider considers important).

    If I were you I would read a lot about this since there is much more to get to know than what any answerer can put together in a single answer here on SO (I put some links to sources I've used and which describe pretty well these topics).

    Bear in mind that all these behaviors can be modified according to your needs and not all of them have to be the way I just described. I just put some examples of how it could be.

    The image below will give you a big picture of all these matters I just described.

    [Image: Authentication Sequence]