1.0.6 • Published 7 years ago

angular-passport v1.0.6

Weekly downloads
MIT (Freely you r...
Last release
7 years ago


Angular module for PassportJS login and API auth. Strategies: Basic, JWT, Hash


npm install angular-passport


Include these modules in your app because they are required for angular-passport to work properly:

  • ngCookies (https://docs.angularjs.org/api/ngCookies)
  • ui.router (https://github.com/angular-ui/ui-router)

    	var clientApp = angular.module('clientApp', [
    	    // 'ngPassport.JWTStrategy',
    	    // 'ngPassport.hashStrategy'


If you use Browserify

var ngPassportBasic = require('angular-passport').ngPassportBasic;

/* configure */
ngPassportBasic.constant('NGPASSPORT_CONF_BASIC', {
    // API_BASE_URL: '',
    API_BASE_URL: 'http://localhost:9005',
    API_AUTH_PATHNAME: '/examples/auth/passport/basicstrategy',
    URL_AFTER_SUCCESSFUL_LOGIN: '/examples-spa/login/basic/page1',
    URL_AFTER_LOGOUT: '/examples-spa/login/basic/form'

If you include it into HTML file (compiled version)

<script src="... /angular-passport/dist/js/ngPassport.js"></script>
    ngPassportHash.constant('NGPASSPORT_CONF_HASH', {
        API_BASE_URL: 'http://localhost:9005',
        API_AUTH_PATHNAME: '/examples/auth/passport/hashstrategy-gethash',
        URL_AFTER_SUCCESSFUL_LOGIN: '/examples-spa/login/hash/page1',
        URL_AFTER_LOGOUT: '/examples-spa/login/hash/form'


There are 2 directives in angular-passport to generate:

  • Login Form

    	<ngpassport-form templateurl="myBootstrapForm.html"></ngpassport-form>
    	<!-- override default form template -->
    	<script type="text/ng-template" id="myBootstrapForm.html">
    	   		<form action="#" method="POST" enctype="application/x-www-form-urlencoded" class="form-horizontal">
    				<div class="form-group">
    					<label for="username" class="col-sm-4 control-label">username:</label>
    					<div class="col-sm-4">
    						<input type="text" class="form-control" ng-init="username='john'" ng-model="username">
    				<div class="form-group">
    					<label for="password" class="col-sm-4 control-label">password:</label>
    					<div class="col-sm-4">
    						<input type="text" class="form-control" ng-init="password='test'" ng-model="password">
    					<div class="col-sm-3">
    						<input type="button" value="Login Basic" class="btn btn-success" ng-click="login()">
    			<p class="alert alert-danger" ng-if="errMsg">{{errMsg}}</p>
  • Logout Button

    	<ngpassport-logout template-url="myBootstrapLogout.html">Logout</ngpassport-logout>
    	<!-- override default form template -->
    	<script type="text/ng-template" id="myBootstrapLogout.html">
    	   	<a href="#" style="border:1px solid Gray;font-size:21px;padding:5px;" ng-click="logout()"><span class="glyphicon glyphicon-log-out"></span></a>

####Regular HTML Notice that you can also use regular HTML tags instead of angular directives. For example:

<button class="btn btn-success" ng-controller="NgPassportBasicCtrl" ng-click="logout()">Logout</button>


	<!-- form created by standard HTML tags -->
	<form action="#" method="POST" enctype="application/x-www-form-urlencoded" class="form-horizontal" ng-controller="NgPassportBasicCtrl">

		<div class="form-group">
			<label for="username" class="col-sm-4 control-label">username:</label>
			<div class="col-sm-4">
				<input type="text" class="form-control" ng-init="username='john'" ng-model="username">

		<div class="form-group">
			<label for="password" class="col-sm-4 control-label">password:</label>
			<div class="col-sm-4">
				<input type="text" class="form-control" ng-init="password='test'" ng-model="password">
			<div class="col-sm-3">
				<input type="button" value="Login Basic" class="btn btn-info" ng-click="login()">

		<p class="alert alert-danger" ng-if="errMsg">{{errMsg}}</p>

Protect routes (states) and API endpoints

All API endpoints are protected by default with $http interceptor, so each $http request is added with 'Authorization' header.

Route protection is also very simple. Just add authRequired: true inside your state definition, and state will not be accessible if authentication failed.

/* state: 'examples-spa_login_jwt_page1'
 * url: /examples-spa/login/jwt/page1
module.exports = function (APPCONF) {
    'use strict';

    return {
        url: '/examples-spa/login/jwt/page1',
        views: {
            '': {
                templateUrl: APPCONF.PATH_DIST_HTML + '/examples-spa/login/jwt/page1/page1.html'
            'topmenu@examples-spa_login_jwt_page1': {
                templateUrl: APPCONF.PATH_DIST_HTML + '/examples-spa/login/jwt/_common/topmenu/topmenu.html',
                controller: 'TopmenuJWTCtrl'

        authRequired: true


Basic Authentication

  1. When user type username & password in login form a string 'username:password' is encoded to base64 (john:test => am9objp0ZXN0)
  2. A request with header: Authorization: Basic am9objp0ZXN0 is sent to API.
  3. If auth was successful API returns object

     "isLoggedIn": true,
     "msg": "Basic authentication was succcessfull.",
       "putLocally": {
       		"username": "john",
       		"authHeader": "Basic am9objp0ZXN0"
  4. A cookie 'authAPI' is set with object putLocally .

  5. Angular sets up interceptor with cookie data and each $http request sent to API is intercepted with 'Authorization':'Basic am9objp0ZXN0' header

###JWT Authentication 1. User type username & password and when Login button is clicked request POST /examples/auth/passport/jwtstrategy-gettoken {username: 'john', password: 'test'} is sent to API 2. Client receives respond object from API

  "isLoggedIn": true,
  "msg": "Login was successful. JWT Token is generated and you can use it in request header to access API. Authorization: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjU3YTcyNjk1MzcwYmM1MDk2MmUzNDVmZSIsImlhdCI6MTQ3Mzg2MDgyM30.R-OPMVRUXgZ2RK4iPkmEMWGbKg7iN_zJj1MA1cGBHWY",
  "putLocally": {
    "username": "john",
    "authHeader": "JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjU3YTcyNjk1MzcwYmM1MDk2MmUzNDVmZSIsImlhdCI6MTQ3Mzg2MDgyM30.R-OPMVRUXgZ2RK4iPkmEMWGbKg7iN_zJj1MA1cGBHWY"
  1. Object putLocally is used to create cookie 'authAPI' .
  2. Angular sets up interceptor with cookie data and each $http request sent to API is intercepted with 'Authorization': 'JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjU3YTcyNjk1MzcwYmM1MDk2MmUzNDVmZSIsImlhdCI6MTQ3Mzg2MDgyM30.R-OPMVRUXgZ2RK4iPkmEMWGbKg7iN_zJj1MA1cGBHWY'

###Hash Authentication Notice: Hash string must be stored in database and returned by API on user's successful login

  1. User type username & password and when Login button is clicked request POST /examples/auth/passport/hashstrategy-gethash {username: 'john', password: 'test'} is sent to API
  2. Client receives respond object from API

      "isLoggedIn": true,
      "msg": "Login was successful. Now you can use hash to access API endpoints. For example: /examples/auth/passport/hashstrategy/e7b1951a91718085f4382391c31ef175df72addddb",
      "putLocally": {
        "username": "john",
        "hash": "e7b1951a91718085f4382391c31ef175df72addddb"
  3. Object putLocally is used to create cookie 'authAPI' .

  4. Angular sets up interceptor with cookie data and each $http request sent to API is intercepted by adding suffix to URL for example: GET /examples/auth/passport/hashstrategy/e7b1951a91718085f4382391c31ef175df72addddb


  1. Directive will send 'username' and 'password' object properties to API: {username: 'john', password: 'test'} . It is also possible to define some other variable names for example 'user', 'pass' if your API requires so.
  2. API response object when username and password are correct must have this format:

    	"isLoggedIn": true,
     	"msg": "Basic authentication was succcessfull.",
     	"putLocally": {
      		"username": "john",
      		"authHeader": "Basic am9objp0ZXN0"
  3. Cookie will be set with 'putLocally' object, so it must have 'username' property.

  4. Configuration constants

    var ngPassportBasic = require('angular-passport').ngPassportBasic;
    /* configure */
    ngPassportBasic.constant('NGPASSPORT_CONF_BASIC', {
        // API_BASE_URL: '',
        API_BASE_URL: 'http://localhost:9005',
        API_AUTH_PATHNAME: '/examples/auth/passport/basicstrategy',
        URL_AFTER_SUCCESSFUL_LOGIN: '/examples-spa/login/basic/page1',
        URL_AFTER_LOGOUT: '/examples-spa/login/basic/form'
    module.exports = ngPassportBasic;

    var ngPassportJWT = require('angular-passport').ngPassportJWT;
    /* configure */
    ngPassportJWT.constant('NGPASSPORT_CONF_JWT', {
        // API_BASE_URL: '',
        API_BASE_URL: 'http://localhost:9005',
        API_AUTH_PATHNAME: '/examples/auth/passport/jwtstrategy-gettoken',
        URL_AFTER_SUCCESSFUL_LOGIN: '/examples-spa/login/jwt/page1',
        URL_AFTER_LOGOUT: '/examples-spa/login/jwt/form'
    module.exports = ngPassportJWT;

    var ngPassportHash = require('angular-passport').ngPassportHash;
    /* configure */
    ngPassportHash.constant('NGPASSPORT_CONF_HASH', {
        API_BASE_URL: '',
        // API_BASE_URL: 'http://localhost:9005',
        API_AUTH_PATHNAME: '/examples/auth/passport/hashstrategy-gethash',
        URL_AFTER_SUCCESSFUL_LOGIN: '/examples-spa/login/hash/page1',
        URL_AFTER_LOGOUT: '/examples-spa/login/hash/form'
    module.exports = ngPassportHash;

7 years ago


8 years ago


8 years ago


8 years ago


8 years ago


8 years ago


8 years ago


8 years ago


8 years ago


8 years ago


8 years ago


8 years ago


8 years ago


8 years ago