I am developing an Angular add-in for Outlook - Office365 for a management application "Jasmin Software". The application is divided into two parts: the first is a JavaScript application to handle authentication on the OAuth2 server, the second is the Angular application itself.
Question: How can I securely pass the returned token after authentication to the Angular application and then make the requests to the application?
My code after getting the answer from the server is this:
    function getCallbackResponse(data) {
        // data is the callback parameter string: "access_token=...&expires_in=..."
        var responseParameters = (data).split("&");
        // Plain object (not an array) used as the key/value map
        var parameterMap = {};
        for (var i = 0; i < responseParameters.length; i++) {
            parameterMap[responseParameters[i].split("=")[0]] = responseParameters[i].split("=")[1];
        }
        if (parameterMap.access_token !== undefined && parameterMap.access_token !== null) {
            var oauth_response = {
                access_token: parameterMap.access_token,
                expires_in: parameterMap.expires_in
            };
            // I AM USING THIS... BUT I DON'T KNOW IF IT IS THE BEST WAY?
            sessionStorage.removeItem('oauth');
            sessionStorage.setItem('oauth', JSON.stringify(oauth_response));
        } else {
            console.log('Problem authenticating');
        }
    }
A common practice, regardless of the platform or app, is to encrypt the token. When you submit the request, you send the encrypted token.
– Marco Garcia
Do you have any suggestions for an encryption algorithm??
– Sérgio Sereno
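An added example, not part of the original post or its comments: a variant of the callback handler from the question that URL-decodes the parameters, stores an absolute expiry time next to the token, and hands the token out only while it is still valid. The function names, the injected storage object and sending the token as a Bearer header are assumptions; in the browser, pass `sessionStorage` as `storage`.

```javascript
// Added example; all function names here are hypothetical.
// Parse "access_token=...&expires_in=..." (a leading '#' or '?' is tolerated).
function parseOAuthCallback(data) {
  const params = new URLSearchParams(String(data).replace(/^[#?]/, ''));
  const accessToken = params.get('access_token');   // already URL-decoded
  const expiresIn = Number(params.get('expires_in'));
  // Design choice: reject responses without a token or a usable lifetime.
  if (!accessToken || !Number.isFinite(expiresIn) || expiresIn <= 0) return null;
  return { access_token: accessToken, expires_in: expiresIn };
}

// Store the token with an absolute expiry so a stale token is never reused.
function saveToken(storage, response, nowMs) {
  const record = {
    access_token: response.access_token,
    expires_at: nowMs + response.expires_in * 1000
  };
  storage.setItem('oauth', JSON.stringify(record));
  return record;
}

// Return the token only while it is valid; drop corrupt or expired entries.
function loadToken(storage, nowMs) {
  const raw = storage.getItem('oauth');
  if (raw === null) return null;
  let record = null;
  try { record = JSON.parse(raw); } catch (e) { record = null; }
  if (!record || typeof record.access_token !== 'string' || !(record.expires_at > nowMs)) {
    storage.removeItem('oauth');
    return null;
  }
  return record.access_token;
}

// Header for API requests (assumes the API accepts a Bearer token).
function authHeader(storage, nowMs) {
  const token = loadToken(storage, nowMs);
  return token ? { Authorization: 'Bearer ' + token } : null;
}

// In-memory stand-in for sessionStorage so the example runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); }
  };
}
```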