Angular & Nodejs JWT Authentication fullstack | Nodejs/Express RestAPIs + JWT + BCryptjs + Sequelize + MySQL – Part 3: Build Frontend


The tutorial is Part 3 of the series: Angular & Nodejs JWT Authentication fullstack | Nodejs/Express RestAPIs + JWT + BCryptjs + Sequelize + MySQL. Today we’re gonna build a Angular HTTP Client App that can interact with Nodejs JWT Authentication Server.

Part 1: Overview and Architecture
Part 2: Build Backend

Related Posts:
Angular 6 Http Interceptor – with Node.js RestAPIs
Angular 6 HttpClient Crud + Node.js Express Sequelize + MySQL – Get/Post/Put/Delete RestAPIs

How to build JWT Authentication frontend with Angular


Send Requests to Server
Add Token to Header with HttpInterceptor

We use Angular HttpInterceptor with intercept() method to inspect and transform HTTP requests (before they are sent to server):

– The HTTPRequest object will be inspected and forwarded to handle() method of the HttpHandler object.
handle() method transforms HTTPRequest object into an Observable of HttpEvents which includes the server’s response.

What is next: HttpHandler object?
-> This object represents the next interceptor in the chain of interceptors. The final ‘next’ in the chain is the Angular HttpClient handler.

HTTP Request using HttpClient

We send HTTP Requests (signin/signup) using Angular HttpClient:

AuthLoginInfo fields & SignUpInfo fields are validated using Angular template-driven Form.

Once Token is saved, we can access protected resources simply:

Handle Responses

Using AuthService to work with Observable object:

Signup Response

Login Response

In addition to using AuthService to work with Observable object, we also call TokenStorageService methods to save Token, Username, Authorities:

Manage Token & User Logout

We use TokenStorageService to manage Token inside Browser’s sessionStorage:

For Logout action, we only need to clear Browser’s sessionStorage:

Angular Client for JWT Authentication Overview


We will build Angular Client which allows users to register, login account. And depending on the role of current User (user, pm or admin), this system accepts what he can access:


The diagram below show how our system handles User Registration and User Login processes:


Elements Overview


app.component is the parent component that contains routerLink and router-outlet for routing. It also has an authority variable as the condition for displaying items on navigation bar.
user.component, pm.component, admin.component correspond to Angular Components for User Board, PM Board, Admin Board. Each Board uses user.service to access authority data.
register.component contains User Registration form, submission of the form will call auth.service.
login.component contains User Login form, submission of the form will call auth.service and token-storage.service.

user.service gets access to authority data from Server using Angular HttpClient ($http service).
auth.service handles authentication and signup actions with Server using Angular HttpClient ($http service).
– every HTTP request by $http service will be inspected and transformed before being sent to the Server by auth-interceptor (implements HttpInterceptor).
auth-interceptor check and get Token from token-storage.service to add the Token to Authorization Header of the HTTP Requests.

token-storage.service manages Token inside Browser’s sessionStorage.


– Angular 6
– RxJS 6

Project Structure



Create Services & Components

Run commands below:
ng g s auth/auth
ng g s auth/token-storage
ng g s services/user

ng g c login
ng g c register
ng g c home
ng g c user
ng g c pm
ng g c admin



Auth Models




Auth Service


Token Storage Service


User Service


HTTP Interceptor


Home Component



Login Component



Register Component



[UserRole] Components





App Routing






By grokonez | December 11, 2018.

Related Posts

1 thought on “Angular & Nodejs JWT Authentication fullstack | Nodejs/Express RestAPIs + JWT + BCryptjs + Sequelize + MySQL – Part 3: Build Frontend”

  1. Hello! First of all THANKS for this tutorial, it is very good and well explained. I wanted to ask you a question, from Angular I can log in well and it gives me back the information of the user (For example its ROLE). But when I try to enter the views for each role it gives me a 401 error and in the Sprinng Boot console it tells me: “[io-8080-exec-10] cgbsecurity.jwt.JwtAuthEntryPoint: Unauthorized error Message – Full authentication is required to access this resource ”

    What am I doing wrong?

    Thank you!

Got Something To Say:

Your email address will not be published. Required fields are marked *