July 14, 2025 08:33 by
PeterDepending on whether a user is logged in or has particular permissions, we frequently need to limit access to particular routes in Angular apps. Angular offers Route Guards, like CanActivate, to protect certain routes. In one of our projects, we had to prevent users from accessing the dashboard unless they were authenticated. We created an AuthGuard with CanActivate and added logic to check if the user token was locally stored. Everything was running fine until we released the app.
Some users claimed that they were repeatedly taken to the login screen even if they were already logged in.
Reasons for the Problem
We found that timing was the cause of the problem. The guard attempted to verify the token before the validation was finished, even though the app had already called the API to validate the token at startup. It is therefore believed that the user was not authenticated.
How did we fix it?
Our AuthGuard logic has been modified to wait for validation to complete before granting or denying access. We used a shared AuthService with an isAuthenticated$ observable rather than just checking local storage.
Here’s how we adjusted the AuthGuard.
canActivate(): Observable<boolean> {
return this.authService.isAuthenticated$.pipe(
take(1),
map(isAuth => {
if (!isAuth) {
this.router.navigate(['/login']);
return false;
}
return true;
})
);
}
And in the AuthService, we updated the token status using a BehaviorSubject once the API response came back.
private authStatus = new BehaviorSubject<boolean>(false);
isAuthenticated$ = this.authStatus.asObservable();
validateToken() {
// Call backend to validate token
this.http.get('/api/validate-token').subscribe(
() => this.authStatus.next(true),
() => this.authStatus.next(false)
);
}
We called validateToken() once in AppComponent during app initialization.
Conclusion
Route guards are essential for secure routing in Angular apps. But they must be carefully integrated with authentication logic, especially when token validation involves an async call. Using an observable approach helps in handling real-time state and avoiding premature navigation decisions.