How do I handle Token Authentication with AngularJS and Restangular?
You could put it in localStorage (always kept) or sessionStorage (cleared when browser is closed). Cookies are technically also a possibility, but don't fit your use case that well (your back end checks a separate header and not a cookie)
I guess there are many ways to skin a cat.
Always depend on server-side checks. Client-side checks might offer some increased usability, but you can never depend on them. If you have a lot of buttons that result in going to a login screen, it will be faster if you keep the client-side check. If this is more the exception than the rule, you could instead redirect to the login page when you get a
401 Unauthorized
when calling your back end.
Here is an example of how you can manage your token:
/* global angular */
'use strict';(function() { angular.module('app').factory('authToken', ['$window', function($window) { var storage = $window.localStorage; var cachedToken; var userToken = 'userToken'; var authToken = { setToken: function(token) { cachedToken = token; storage.setItem(userToken, token); }, getToken: function() { if (!cachedToken) { cachedToken = storage.getItem(userToken); } return cachedToken; }, isAuthenticated: function() { return !!authToken.getToken(); }, removeToken: function() { cachedToken = null; storage.removeItem(userToken); } }; return authToken; }]);})();
As you can see I use "$window.localStorage" to store my token. Like "Peter Herroelen" said in hist post.