Angular http Interceptor and AuthInterceptor

HTTP Interception is an important feature of @angular/common/http. It enables an application to inspect responses and requests made to it. Typically, one or more interceptors form a forward-and-backward chain of handlers. Angular apps use HttpInterceptors to intercept HTTP requests and channel them before they pass to the webserver. To understand how interceptors work, let's review the two most common examples.

Can we have multiple interceptors?
Multi-angle interceptors are the most common type of air defense aircraft, but how can they be useful? They can be very useful in a variety of ways. As a rule, they play for uncontested objectives such as enemy ships with stressed weapons. Another advantage of these aircraft is that they can target specific ships with multiple arcs of fire. This makes them ideal for securing objectives in the early game.

The range and speed of an interceptor is important. It is possible to have one interceptor with multiple angles, but they are likely to be slow. If they are unable to stay within range, the interceptor must close in and drop tackle. Some interceptors have bonus hulls, which help them escape. Other ships, such as fleet interceptors, have a range bonus when they scram. Other hostile ships, such as Mordu's Legion and Gallente T2 EWAR ships, may use faction scrams and heat to escape.

JWT Authentication
Angular provides HTTP interceptors for handling backend server calls. By default, the HTTP backend interceptor is the last one in the execution chain. You can't change this order or remove an interceptor, so you need to build this capability into your interceptor. Fortunately, Angular makes this capability easy to add. This article will walk you through the process of implementing it. Let's begin with an example.

To make JWT authentication work with Angular, you need an app module that provides the way to retrieve the token. The HttpClient service must be injected with the JWT token. Once you get the token, it will be included in HTTP requests. This makes the application secure. However, you will still have to ensure that your app does not store your JWT token on your server.

OpenID Connect
An Angular interceptor for OpenID Connect is a convenient extension that can be included in your application to prevent your users from logging in with a fake identity. The interceptor takes care of a variety of problems, including error handling and authentification, adding custom headers to outgoing requests, and logging incoming responses. If you need a custom interceptor, check out the documentation for the Angular framework.

Once you've installed the Angular interceptor for OpenID Connect, you should register the module encapsulating your application's configuration with an OIDC Identity Provider. The module should return the AuthService, completeAuthentication, and a redirect uri. Then, you're all set to go! The Angular interceptor for OpenID Connect is available on the official Angular framework site.

OIDC ID token
The AuthInterceptor class adds an access token to API requests. The access token should be specific to the API to which it is sent. Otherwise, it will match the URL using a regular expression. This will work around the problem of AuthHttpInterceptor. The access token will be sent in the authorization header. But you should check that your access token matches the URL before you send it to the API.

An ID token has many uses. An application can use it to customize the user experience by using claims it stores about the user. For example, the user's name can be displayed on the UI or a birthday message can be sent. In the same way, an application can save on requests by using an ID token instead of a cookie. Using an ID token can improve performance and decrease the amount of data requests required.

Share :