Home
The purpose of this small Angular project is to demonstrate, in a very condensed form, how to build state-of-the-art client applications that connect securely to a Caché database. There are many ways to enforce security when retrieving data from a database. But which one is the best? Should you develop your own proprietary solution, or pick one of the standard ones?
This project is about a standard solution. In the world of modern, disconnected, distributed web-based applications, the OAuth2 and OpenID Connect standards play a key role in securing communication between client devices and the servers that provide data to those clients.
Let's see how to get started quickly with Angular and OAuth2.
This demo expects that you have InterSystems Caché, version 2017.1 or later, with an OAuth2 authorization server set up. The data (resource) server can be any server, ideally Caché, but any server capable of communicating via REST will do. It is not the purpose of this document to explain the details of setting up Caché as an OAuth2 authentication and authorization server; for that, please refer to this article at the InterSystems Developer Community Portal.
For the client code, I used the nice Daily Deals application from the Auth0 blog, as it provides a nice environment to demonstrate the basic principles of developing Angular applications, even for beginners.
The best authorization library turned out to be Manfred Steyer's angular-oauth2-oidc. It provides support for OpenID Connect as well as dynamic discovery and key exchange. The demo client uses both a static 'oauth2 client' configuration, with pre-shared JWKS keys, and a dynamic configuration based on the openid-configuration discovery document.
Included is a Caché class that implements a simple REST-based public and special deals service, used by the original client from Auth0. Its purpose is to demonstrate to Caché programmers how easy it is to expose data to modern REST applications, as well as how to perform OAuth2 handling on the resource server side (checking the access token's validity and scope before serving the protected deals).