Software Development

What are the best practices for Secure Authentication in Angular 18?

LI Asked by Linda Garcia · 20-07-2023
0 upvotes 11,339 views 0 comments
The question

I'm building a secure client portal and I'm looking for the most modern way to handle JWT authentication. Should I still be using HttpInterceptors for attaching tokens, or is there a more "functional" way to do this now? Also, with the deprecation of certain routing guards, what is the recommended way to protect routes and handle redirects if the user's session expires? I want to ensure I'm following 2024 security standards.

3 answers

0
SU
Answered on 10-10-2023

In Angular 18, you should definitely move toward functional interceptors. Instead of the old class-based approach, you can define your interceptor as a simple function and provide it in your app.config.ts using withInterceptors([authInterceptor]). For route protection, the "Class-based Guards" are indeed deprecated; you should use "Functional Guards" now. They are much easier to test and can be defined right in your route configuration. For session expiry, I usually combine an interceptor to catch 401 errors with a central AuthService that triggers a redirect to the login page. 

0
S
Answered on 15-10-2023

Comment: You use the inject() function, William! Since functional interceptors run within an injection context, you can just call const authService = inject(AuthService); at the top of your function. It’s actually much cleaner than the old constructor-based DI and makes the code a lot more readable. This pattern is being used everywhere in modern Angular, including inside components and pipes.

SU 15-10-2023

You use the inject() function, William! Since functional interceptors run within an injection context, you can just call const authService = inject(AuthService); at the top of your function. It’s actually much cleaner than the old constructor-based DI and makes the code a lot more readable. This pattern is being used everywhere in modern Angular, including inside components and pipes.

0
JO
Answered on 18-10-2023

Don't forget to use canActivate: [() => inject(AuthService).isLoggedIn()] for your routes. It's the standard functional way to protect components. 

L 20-10-2023

Exactly! Functional guards like the one Joseph mentioned are so much more concise. No more creating a whole file just for a simple true/false check.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session