Show HN: Satellizer – Authentication for AngularJS

This is a very nice solution and API for the front-end. It took me a couple part-time months to put together a similar (not modularized) solution for a rewrite of Plunker. There is quite a bit of juggling of information to do to pass around the appropriate information between client, server and auth providers that seems to have been nicely abstracted.<p>There were three major challenges for me in my implementation and I&#x27;m wondering how these could be addressed with Satellizer:<p>1. Anonymous content creation that can be attributed to a user upon sign-up or sign-in. On Plunker, anonymous users can create &#x27;plunks&#x27; that will then attributed to them if they decide to register. This is important to allow streamlined user acquisition.<p>2. Account merging when someone accidentally creates two different user accounts with different social identities. This gets weird when anonymous content creation is involved since someone could create content while signed out and would need all that content re-attributed when they sign in.<p>3. Multi-provider authentication. In Plunker, certain features will only be available if the user has linked (for example) Dropbox. This means consumers of the api need to be able to add &#x2F; remove social identities to &#x2F; from users.<p>Hope to hear how you might attack these problems with something like Satellizer (or other people&#x27;s approaches that have worked).

I built something similar that&#x27;s gained a bit of traction:<p><a href="https://github.com/lynndylanhurley/ng-token-auth" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;lynndylanhurley&#x2F;ng-token-auth</a><p>ng-token-auth comes with a Rails gem, and it&#x27;s configurable to work with almost any API.

This is a very, very nice project -- almost enough to pull me back from ReactJS back to AngularJS. Almost.<p>One question: they say it can be adapted to any Oauth1 or 2 provider, but doesn&#x27;t the Oauth 2 provider have to support the Implicit Flow for this type of client-side app to work?<p>If so, is it true that Github doesn&#x27;t support Implicit flow? (this is what I&#x27;ve read, and I&#x27;ve not found much on the web otherwise about what exact oauth flows Github supports)

This looks neat!<p>It looks like there is a good amount of config for handling different providers. Have you check out OAuth.io and its opensource core oauthd?:<p><a href="https://github.com/oauth-io/oauthd" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;oauth-io&#x2F;oauthd</a><p><a href="https://github.com/oauth-io/oauth-js" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;oauth-io&#x2F;oauth-js</a><p>It&#x27;s a simple node app and js sdk that lets you handle providers in a standardized way.<p>I created a ruby omniauth strategy that simplifies multiple provider support on the backend. A similar approach could be applied to any language:<p><a href="https://github.com/jgrowl/omniauth-oauthio" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;jgrowl&#x2F;omniauth-oauthio</a>

I really wish this had been around a month ago. I guess I learned a lot about angular by building it myself.

I may be paranoid, but is there any security concern about doing authentification on the frontend ? Wouldn&#x27;t the user be able to see exactly what is going on and intercept some sensitive information ?

It seems like a nice start. Who will do the security review?

I tried implementing a token-based authentication system, and it worked fine for a while. Then we added a subdomain (login.mysite.com) for registering, and it all went to shit. They don&#x27;t share the same localStorage, so keeping the tokens in sync can be tough.

Not working for me - got a 404 for <a href="http://rawgit.com/sahat/satellizer/master/lib/satellizer.js" rel="nofollow">http:&#x2F;&#x2F;rawgit.com&#x2F;sahat&#x2F;satellizer&#x2F;master&#x2F;lib&#x2F;satellizer.js</a>

How easy is this to use without AngularJS? Additionally, if not, does anyone know of any alternative JS (or perhaps Python) libraries for what Satellizer does?

I tried logging in with Twitter and wasn&#x27;t redirected back to your app, so I wasn&#x27;t able to log in. (Latest Chrome on OSX)

This is very helpful. How about handling validation and errors (e.g. unique account)?

I wonder: why Java and Spring? Do you consider other Java implementations?

Were was this a month ago. Had to do this for Play!, great work.

Wow, this is pretty handy. Awesome work!

Good work +1

So, how would this work if I&#x27;m using Python-Social-Auth as the provider as an interface to Django?<p>Most sites implementing social auth don&#x27;t do it in the client directly, but as an interface to the oauth and then just trusting that authentication as canon, while simultaneously invoking a non-oAuth login() method at the tail end of the oAuth login. Not sure how this relates directly.<p>That said, this is a FANtastic, and very necessary module, and hopefully it covers what I think is the most common use pattern.