When a user sends his credentials, the Node.js server checks that they are correct and answers with a unique token built from the user's information. The AngularJS application stores the token in the user's sessionStorage and adds an Authorization header containing the token to every request made after that. If the endpoint is restricted to authenticated users, the server checks the validity of the token and returns the data if the token is valid, or a 401 status code otherwise. In addition, the AngularJS application checks whether the user is logged in and whether he can access the requested route. If not, the user is redirected to the login page.
Via Jan Hesse
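The server side of this flow, as an added example that is not code from the original page: a token built from the user information and authenticated with an HMAC, then checked on a restricted endpoint. The `Bearer` scheme, the HMAC construction, the claim names, `SECRET` and `TTL_MS` are assumptions; the page does not say which token format it uses.

```javascript
// Added example: HMAC-signed token check for a restricted endpoint.
// SECRET, TTL_MS, the claim names and the Bearer scheme are assumptions.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);   // per-process signing key (assumption)
const TTL_MS = 15 * 60 * 1000;           // token lifetime (assumption)

const b64 = (buf) => Buffer.from(buf).toString('base64url');
const sign = (payload) => crypto.createHmac('sha256', SECRET).update(payload).digest();

// Build a token from the user information once the credentials were checked.
function issueToken(user, now = Date.now()) {
  const payload = b64(JSON.stringify({ sub: user.id, role: user.role, exp: now + TTL_MS }));
  return `${payload}.${b64(sign(payload))}`;
}

// Return the claims if the token is authentic and unexpired, otherwise null.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const [payload, mac, extra] = token.split('.');
  if (!payload || !mac || extra !== undefined) return null;
  const expected = sign(payload);
  const given = Buffer.from(mac, 'base64url');
  // Constant-time comparison; the length check avoids a throw on bad input.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch {
    return null;
  }
}

// Decision for a restricted endpoint: 200 with the claims, or 401.
function authorize(headers, now = Date.now()) {
  const m = /^Bearer (.+)$/.exec(headers.authorization || '');
  const claims = m && verifyToken(m[1], now);
  return claims ? { status: 200, user: claims } : { status: 401 };
}
```

The route check in the AngularJS application only decides what the browser displays; the server-side `authorize` decision is what protects the data, because anything held in sessionStorage can be edited by the user.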