Chapter 10. Authentication


This chapter covers

  • Comparing cookie- and token-based authentication
  • Securing your Aurelia applications with tokens
  • Using value converters, HTTP interceptors, and route-pipeline steps

Although we’ve assumed only one user account in the my-books application to this point, launching it in the real world would require it to support multiple users in a variety of roles. You’re probably already familiar with the concepts of authentication and authorization, so we won’t cover these in detail. But SPAs require a nontraditional approach to authentication. Whereas traditional server-side applications are typically secured using cookies and server-side rendered views—where the server has the context of who the user is—SPAs don’t have this luxury. Because the application views (such as the navigation bar) are rendered on the client side, you need a new set of tools and techniques: first, to handle what is shown based on a user’s authentication status, and then, to render the page appropriately based on the user’s authorization level. This chapter demonstrates how you can use a combination of JSON Web Tokens (JWTs), local storage, and Aurelia’s routing system to build authentication and authorization into your Aurelia applications.
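The following JavaScript is an added example, not code from the book or from the Aurelia project, showing the client-side half of the token-based scheme this chapter describes: reading a JWT the way a value converter or route-pipeline step would, to decide what the view renders. It assumes a token string (for instance one read back from local storage) whose payload carries an `exp` claim and a `roles` array; `authorizeRoute` and its `settings.roles` shape are hypothetical stand-ins for a routing step, not Aurelia's API. The sample token at the bottom is constructed inline and carries a placeholder signature, because a browser client never verifies the signature anyway: these checks decide only what to show, and the API server must still verify the token and enforce authorization on every request.

```javascript
// Added example (not from the book): JWT payload inspection for client-side UI gating.
// Assumptions: payload has numeric 'exp' (seconds since epoch) and an array 'roles'.
// The signature is NOT verified here; only the server can do that.

// base64url -> UTF-8 string, restoring the padding JWTs strip.
function base64UrlDecode(segment) {
  const pad = segment.length % 4 === 0 ? '' : '='.repeat(4 - (segment.length % 4));
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/') + pad;
  return Buffer.from(b64, 'base64').toString('utf8');
}

// Returns the decoded payload object, or null for anything that is not a 3-part JWT.
function decodeJwtPayload(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(base64UrlDecode(parts[1]));
    return payload && typeof payload === 'object' ? payload : null;
  } catch (e) {
    return null; // malformed base64 or JSON: treat as no token
  }
}

// "Logged in" for UI purposes means: parsable token whose exp is still in the future.
function isAuthenticated(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const payload = decodeJwtPayload(token);
  if (!payload || typeof payload.exp !== 'number') return false;
  return payload.exp > nowSeconds;
}

// Role check used to show or hide parts of a view (e.g. an admin-only menu item).
function hasRole(token, role, nowSeconds) {
  if (!isAuthenticated(token, nowSeconds)) return false;
  const roles = decodeJwtPayload(token).roles;
  return Array.isArray(roles) && roles.includes(role);
}

// Hypothetical route-pipeline step: routeSettings.roles lists the roles a route
// requires. Returns where to send the user instead when access is denied.
function authorizeRoute(routeSettings, token, nowSeconds) {
  const required = (routeSettings && routeSettings.roles) || [];
  if (required.length === 0) return { allowed: true };
  if (!isAuthenticated(token, nowSeconds)) return { allowed: false, redirect: 'login' };
  const ok = required.every(r => hasRole(token, r, nowSeconds));
  return ok ? { allowed: true } : { allowed: false, redirect: 'forbidden' };
}

// Constructed sample token for demonstration: real header and payload encoding,
// placeholder signature (the client would never be able to check it anyway).
function makeUnsignedToken(payload) {
  const enc = obj => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}.signature-placeholder`;
}

const SAMPLE_TOKEN = makeUnsignedToken({ sub: 'user-1', roles: ['user', 'admin'], exp: 2000000000 });

// Usage: decide what a navigation bar shows for this token at a given moment.
const NOW = 1000000000;
console.log('authenticated:', isAuthenticated(SAMPLE_TOKEN, NOW));          // true
console.log('show admin link:', hasRole(SAMPLE_TOKEN, 'admin', NOW));       // true
console.log('admin route:', authorizeRoute({ roles: ['admin'] }, SAMPLE_TOKEN, NOW));
console.log('after expiry:', authorizeRoute({ roles: ['admin'] }, SAMPLE_TOKEN, 2000000001));
```

The design point is the split of responsibilities the chapter is building toward: the client decodes the payload only to drive rendering and navigation, and treats an unparsable or expired token as "not logged in", while every API call still sends the token for the server to verify and authorize. A role that appears in a decoded payload is therefore a hint for the view, never a permission.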

10.1. Client-side authentication

10.2. Securing my-books

10.3. my-books project status

Summary