AngularJS (67 Blogs) Become a Certified Professional

What is an Auth Guard in Angular?

Last updated on Sep 09,2024 62 Views

Sunita Mallick
Experienced tech content writer passionate about creating clear and helpful content for... Experienced tech content writer passionate about creating clear and helpful content for learners. In my free time, I love exploring the latest technology.

Angular is one of the most popular and robust Front-end frameworks used commonly to develop dynamic web applications. Some of the features are as follows: route guards are used to safeguard applications by locking the specific routes. In this article, we will discuss what Auth Guards are in Angular, why they are helpful, and where they are, and then we will learn the step-by-step process of creating and using Auth Guards in Angular. We will also incorporate basic questions regarding Auth Guards so clients will know its use in Angular applications.

Overview and Definition

Auth Guards are another component that plays a crucial role in the structure of Angular applications to handle and regulate the user’s access to particular program sections. With the help of Auth Guards, the developers can make some paths accessible only for authorized users which makes the application security more confident. 

 

In other words, Auth Guards are protectors that perform checks to determine whether users are allowed to proceed to subsequent sections in an Angular program. If a user wants to go to a specific route, it will be blocked by the Auth Guard, thereby preventing the user from accessing the route unless he or she fulfills some conditions, like whether the user is logged in or has the right permissions. If the conditions are not met, the user is usually sent to a different page, for example, a login page to prevent unauthorized access.

Features of Auth Guards

Auth Guards offer several key features that enhance both the security and user experience of an Angular application: 

 

  • Control Access: Auth Guards is another service that gives out a strong ability to restrain the users based on their authentication or role. This is even more evident in applications with one or more user tiers, for instance, administrators, editors, and common users. 

 

  • User Authentication: In its most basic form, Auth Guards are designed to determine whether the user is authenticated or not to allow him into a specific route. It is very important to prevent such sections of the application as profiles of users or administrative parts, for example. 

 

  • Customizable: Angular allows its developers to implement custom guards based on their application’s requirements. With this freedom, you can easily set up different forms of access control based on factors such as the user’s role or membership status. 

 

  • Seamless Integration: Auth Guards work perfectly fine with the routing module of Angular, which means that introducing security enforcement does not involve dramatic changes in the code. This approach also guarantees that depending on the level of security required on an application, it requires an Auth Guard where there is a need without complicating the ongoing development. 

 

  • Improved User Experience: Auth Guards benefit users by specifying the areas where users should go in the application to get the most value. For example, an anonymous user who tries to access a particular page, can be guided to the authentication form and, after successful authorization can be transferred to the page he attempted to open.

What are Route Guards in Angular?

Route Guards in Angular are contracts that enable the developers to control the access to parts of the application as well as the flow in the application. These guards impose certain constraints that must be fulfilled before a route can be activated, deactivated or loaded. If used well, they are important because they help control which routes the user gets to access. 

 

Angular provides five types of route guards: Angular provides five types of route guards:

1. CanActivate

This guard decides ahead of time if a given route is to be activated. Among them, it is used in authentication, where only authenticated users are permitted to gain access to some of the routes.

2. CanActivateChild

This guard is similar to CanActivate, but its action is performed on child routes. It makes sure that a child route is, in fact, reachable only in the situation that the user possesses requirements.

3. CanDeactivate

The CanDeactivate guard is applied to prevent the user with the given route from exiting the site without a confirmation. This is particularly relevant for the changes made on forms where users may be required to save the changes they have made before they are redirected.

4. CanLoad

Returns true if a module can be loaded, that is if a guard in the form CanLoad is defined for the current module. This is quite advantageous when working on large applications where some implemented modules should only be included when the user logs in.

5. Resolve

The Resolve guard gets the data before activating a certain route. This ensures that the necessary data is loaded before the user gets to the route, thus giving users a faster and more efficient feel.

All these guards perform different tasks related to the protection and navigation in an Angular application; though CanActivate and CanLoad are employed most frequently for authentication tasks. 

Steps to Create the Application

Below is a detailed guide to help you create a secure Angular application using Auth Guards.

Step 1: Setting Up the Angular Environment

The first thing that needs to be done when developing an Angular application is configuring the environment in which the application is going to be created. We can start by installing Angular CLI, which is a command-line interface tool that helps create and manage Angular apps. Install Angular CLI globally using the following command: Install Angular CLI globally using the following command:

npm install -g @angular/cli

Once Angular CLI is installed, create a new Angular application:

ng new auth-guard-demo
cd auth-guard-demo

This will generate a new project with a default structure, including essential components, modules, and routing configurations.

Step 2: Generating Components and Services

Secondly, create all the parts and services that your application would require. For example, you may require parts for a login page, homepage and a secured page. You can generate these components using the following commands: You can generate these components using the following commands:

 

ng generate component login

ng generate component home

ng generate component protected

ng generate service auth

These commands will generate the appropriate files and directories for your components and services by being called in the upcoming steps.

Step 3: Creating the Auth Guard

Next, create an Auth Guard with the help of the Angular CLI command. The Auth Guard will have a function to ensure whether a user is authenticated or not in as much as the user gains access to the particular routes. Generate the Auth Guard with the following command:

ng generate guard auth

This command will scaffold an initial Auth Guard structure where you can then implement your authentication.

Step 4: Implementing the Auth Guard

When using the Auth Guard, in the Auto Guard file, add features such as the CanActivate methods that would determine whether the user is authenticated. Below is an example of how to implement this method:

import { Injectable } from '@angular/core';
import { CanActivate, Router } from '@angular/router';
import { AuthService } from './auth.service';

@Injectable({
  providedIn: 'root'
})
export class AuthGuard implements CanActivate {

  constructor(private authService: AuthService, private router: Router) {}

  canActivate(): boolean {
    if (this.authService.isLoggedIn()) {
      return true;
    } else {
      this.router.navigate(['login']);
      return false;
    }
  }
}

In this case, canActivate checks if the user is logged in by invoking isLoggedIn method of AuthService. If the user is logged in, then the process returns true, then the user can have access to the route. If the user is not authorized/registered, the method will return false, and the user is redirected to the login page.

Step 5: Applying the Auth Guard to Routes

Last of all, include the Auth Guard in the routes in the app routing as shown below. The Auth Guard can be defined and used as shown below. module. ts file. This ensures that, in any instance, the Auth Guard is called whenever a user tries to navigate to a protected route. The following code snippet shows how to apply the Auth Guard to routes:

import { NgModule } from '@angular/core';
import { RouterModule, Routes } from '@angular/router';
import { HomeComponent } from './home/home.component';
import { LoginComponent } from './login/login.component';
import { ProtectedComponent } from './protected/protected.component';
import { AuthGuard } from './auth.guard';

const routes: Routes = [
  { path: '', component: HomeComponent },
  { path: 'login', component: LoginComponent },
  { path: 'protected', component: ProtectedComponent, canActivate: [AuthGuard] }
];

@NgModule({
  imports: [RouterModule.forRoot(routes)],
  exports: [RouterModule]
})
export class AppRoutingModule { }

In this configuration, the AuthGuard is used to guard the specific route. When a user tries this route, the AuthGuard will determine whether the user is authorized. If the user is not authenticated, they will be redirected to the login page.

Steps to Create an Angular App and Installing Module

To build a secure Angular application with authentication features, follow these steps:

1. Install Angular CLI

First is downloading the Angular CLI; this is a command-line interface that Angular utilizes to help create and build Angular applications. These tools are Angular CLI which is used to create some basic structure of your application and for managing even dependencies.

 

npm install -g @angular/cli

2. Create a New Angular Project

To work with Angular, first install ‘Angular CLI’ and then use its command to create an Angular project. This project will act as the base of your application as you shall see herein. Use the following command to generate a new project:

ng new auth-guard-app

cd auth-guard-app

 

3. Set Up Routing

Routing is very important in Angular applications since it defines how users are going to move around in the application. Use a routing module to set up paths of some parts and elements of the system. Do not forget to put the Auth Guard for including common specific routes to protect some sensible routes.

4. Install Necessary Modules

Depending on the type of authentication approach you are using, you may be required to install other modules. For instance, if you have been using JWT (JSON Web Token) for authentication, you may have to use the @auth0/angular-jwt module. This module makes the handling of JWT tokens easier in your application, as you will see below.

 

npm install @auth0/angular-jwt

Where to Store Route Guards?

Angular applications should be structured in such a way that its code is usable, easy to modify, and fairly simple to extend. Route Guards should be located in a particular directory, although a common directory for the guards or services is advisable. Here’s a recommended structure:

  • src/app/guards/auth.guard.ts: You should save your Auth Guard file in this directory. This option helps to ensure that all the route guards are well arranged in one place and hence can be easily managed.
  • src/app/services/auth.service.ts: Put your authentication service here. This service will be responsible for all the logic surrounding the identification and authorization of the concrete user, login, and logout, as well as, the pinpointing of the authentication state of a user.

In this way, it is possible to maintain great modularity and, at the same time, ensure that the flexibility of the application is being preserved as the project develops. 

Conclusion

Auth Guards are an essential part of all Angular applications since they prevent or grant users access to the application routes according to their authentication status. To design suitable user interfaces, the developers can use Auth Guards to restrict access to many parts of the application and, therefore, safeguard the data of the users and the application itself. 

 In this article, we learnt about Auth Guards, the different types of route guards provided by Angular and how you can create and use Auth Guards in an Angular app. Overall, understanding and working with Auth Guards are crucial for any Angular developer keen to develop secure applications which can be used by users. 

 For those who would like to continue their education on Angular and route guard, it will be beneficial to attend Angular JS Course to gain more knowledge in this field.

FAQs

What is the use of Auth Guard in Angular?

Auth Guards are employed in order to protect particular routes from being accessible in an angular application. They ensure whether a user is authenticated or not and if not then the user is redirected to the login page or to any specific site applicable in this connection.

What are the different types of guards in Angular?

Angular provides five types of route guards: CanActivate, CanActivateChild, CanDeactivate, CanLoad, and Resolve. Each serves a different purpose in managing route access and navigation.

What is the difference between Auth Guard and Interceptor?

While Auth Guard is used for restricting the overall access to the routes of the application based on the user’s authentication, Interceptor is used to manipulate a request or the response it produces for example to append an authentication token to this request.

How to create an Auth Guard in Angular CLI?

In case you cannot generate an Auth Guard using the default Angular CLI command which is ng generate guard auth. It will create a basic guard structure to which you can isolate your authentication functions as you deem fit.

 

Upcoming Batches For Angular Certification Training Course Online
Course NameDateDetails
Angular Certification Training Course Online

Class Starts on 28th December,2024

28th December

SAT&SUN (Weekend Batch)
View Details
Angular Certification Training Course Online

Class Starts on 22nd February,2025

22nd February

SAT&SUN (Weekend Batch)
View Details
Comments
0 Comments

Join the discussion

Browse Categories

webinar REGISTER FOR FREE WEBINAR
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP

Subscribe to our Newsletter, and get personalized recommendations.

image not found!
image not found!

What is an Auth Guard in Angular?

edureka.co