I would love to see a section on authentication and authorization best practices. From my research, it doesn't seem like this is covered as well as it should be in various Angular resources. This isn't a knock against the OP - just something I'd like to see.
Authentication and Authorization don't belong in the front-end, that belongs on the backend with the server, the one true source as to whether a user is authenticated and whether a user has authorization to do what they are trying to do.
So as long as you write your REST endpoints correctly, your front-end will fall into line.
I agree that most of the authentication belongs on the backend, but there's still the question of how best to handle/recognize authenticated users and authorized requests on the frontend. Should I be using JSON web tokens, or cookies? What's the best way to protect routes for users with varying degrees of access? If anything, I'd like to see pros and cons of each strategy, assuming a backend implementation is already in place.
Awesome guide Todd -- thank you so much for taking the time to put this together (I know how scarce time can be, and I also know how much time goes into a 10k-word tutorial, so it's appreciated).
I went through the whole thing last week when it went live, and right off the top of my head, my biggest piece of feedback is that there are several sections where ideas/concepts are introduced without enough context. I've been playing with Angular for a few months so have a baseline of knowledge, but I know that were I a newbie, some things would be confusing.
The first example that stuck out is in section 4 ('Understanding $scope'). That paragraph mentions Controllers several times, and refers to some code that includes the ng-controller directive. But Controllers aren't introduced until section 5.
So as someone who likes to fully understand each block of example code I'm presented, that would likely be confusing if I hadn't already known what Controllers were. So in that section, maybe a bit of re-ordering / introduction is called for.
(Perhaps you can find a "pure novice" out there who will volunteer to read the whole thing over and highlight where that sort of thing happens.)
You should provide great sources for AngularJS plugins/modules to prevent implementing our own, and reinventing the wheel, Also could cover in a chapter how to extend AngularJS with similar stuff. I'd love to read about handling producer side of message queues.
Great tutorial. Good overall guide vs. many I have read that go over most of the basic Angular starter points.
I have a question about the syntax you are using for factories and services. I notice you use Pascal Case for your objects vs. Camel Case as in the AngularJS docs... I like to use best practices and have seen both so I am not sure which is kosher in the community. Is that something that is changing?
I noticed you define it as a function first then reference it in the constructor. I understand what you are doing but again the examples I have seen do it differently so I am confused as to which way to do it and the "why".
What about a piece on best practices and suggestions on things to do and watch out for? I know as someone just getting into angular that would be nice to know before I make the same mistakes.
Todd has already mentioned his Best Practices guide, which is awesome and inspired me to write my own. Mine is heavily based on his, but adds a few more (maybe controversial) things. And I have a sample seed project that implements many of the best practices. See https://github.com/jmcunningham/angularjs-styleguide
really like this tutorial. I was going to say it' be good to see more on nested scopes versus the controllerAs but you've also liked out to some great follow on content. Thanks!
