As Angular mostly comes as a Client-side-rendering Single Page App, the common Auth approach is to generate auth tokens, then request sensitive resources from an REST API. The API is secured with the respective token.
See: Session Auth for example.
Route guards
Route guards are not inherently safe. They are just a wrapper, but do not really secure the access of protected resources.