angular-guards
Angular Route Guards
Version: Angular 21 (2025) Tags: Guards, Routing, Auth, CanActivate
References: Guards Guide • CanActivate
API Changes
This section documents recent version-specific API changes.
-
NEW: Functional guards — Use
CanActivateFninstead of class-based -
NEW: CanMatch guard — Prevent lazy loading of unauthorized code
-
NEW: provideRouter with guards — Modern guard registration
-
DEPRECATED: Class-based guards — Migrate to functional
Best Practices
- Create functional guard
export const authGuard: CanActivateFn = () => {
const authService = inject(AuthService);
const router = inject(Router);
if (authService.isAuthenticated()) {
return true;
}
return router.createUrlTree(['/login']);
};
- Use CanActivate for route protection
const routes: Routes = [
{
path: 'dashboard',
canActivate: [authGuard],
component: DashboardComponent
}
];
- Use CanActivateChild for child routes
export const adminGuard: CanActivateChildFn = () => {
const auth = inject(AuthService);
return auth.isAdmin() || inject(Router).createUrlTree(['/unauthorized']);
};
const routes: Routes = [
{
path: 'admin',
canActivateChild: [adminGuard],
children: [...]
}
];
- Use CanMatch for lazy loading
const routes: Routes = [
{
path: 'admin',
canMatch: [authGuard],
loadComponent: () => import('./admin/admin.component')
}
];
- Use CanDeactivate for unsaved changes
export const canDeactivateGuard: CanDeactivateFn<CanComponentDeactivate> = (component) => {
if (component.hasUnsavedChanges?.()) {
return confirm('You have unsaved changes. Are you sure?');
}
return true;
};
- Use withComponentInputBinding
export const appConfig: ApplicationConfig = {
providers: [
provideRouter(routes, withComponentInputBinding())
]
};
- Use multiple guards
const routes: Routes = [
{
path: 'admin',
canActivate: [authGuard, adminGuard],
loadComponent: () => import('./admin/admin.component')
}
];
- Pass data to guards
const routes: Routes = [
{
path: 'user/:id',
canActivate: [userGuard],
data: { requiredRole: 'admin' }
}
];
export const userGuard: CanActivateFn = (route, state) => {
const requiredRole = route.data['requiredRole'];
// Check role
};
More from oguzhan18/angular-ecosystem-skills
angular-tailwind
ALWAYS use when working with Angular and Tailwind CSS, Tailwind configuration, utility-first CSS, or styling Angular applications with Tailwind.
139angular-animations
>-
137rxjs
ALWAYS use when working with RxJS Observables, operators, and reactive patterns in Angular applications.
135angular-material
ALWAYS use when working with Angular Material components, CDK, or Material Design in Angular applications.
131angular-security
ALWAYS use when working with Angular Security, XSS prevention, CSRF protection, Content Security Policy, or sanitization in Angular applications.
130angular-bootstrap
ALWAYS use when working with Angular Bootstrap, ng-bootstrap, Bootstrap components in Angular, or Bootstrap 5 integration.
129