Security is a fundamental aspect of any website application. This is especially true for Angular applications (and other browser-based applications). Here are some notes, links, and samples I have used to help me implement security correctly.
An important aspect of securing your Angular app is choosing an Identity Provider. IdentityServer4 is very popular. It allows you to host it yourself and to customize to your needs. It is an ASP.NET Core application, so it is necessary to support that type of application in your infrastructure. Auth0 and Okta are two hosted providers and are very popular. They may not be as customizable as IdentityServer, but they can provide a lot of value if you need to get a solution up and running quickly.
NOTE: IdentityServer4 will no longer be a free product (as of Oct 1st 2020):
I have found these PluralSight courses extremely valuable. They each explained the topic well and included helpful samples and demos.
Angular OAuth2 OIDC Configuration with IdentityServer4
Securing Angular Apps with OpenID Connect and OAuth 2
by Brian Noyes
Securing ASP.NET Core 3 with OAuth2 and OpenID Connect
by Kevin Dockx
OpenID Connect & OAuth 2.0 – Security Best Practices - Dominick Baier