ng-token-auth icon indicating copy to clipboard operation
ng-token-auth copied to clipboard

Published 20 hours ago verified publisher icon lynndylanhurley

Refreshing multiple times causes token failure/loss

Open achadee opened this issue 7 years ago • 2 comments

Hi I've used ng-token in multiple apps before but seem to be having an issue with this app

Config:

User: {
      apiUrl:  api_url,
      proxyIf: function() { window.isOldIE() },
      forceValidateToken: false,
      validateOnPageLoad: false,
      tokenFormat: {
        "access-token": "{{ token }}",
        "token-type": "Bearer",
        client: "{{ clientId }}",
        expiry: "{{ expiry }}",
        uid: "{{ uid }}"
      }
    }

Rack CORS config:

config.middleware.use Rack::Cors do
      allow do
        origins '*'
        resource '*',
          :headers => :any,
          :expose  => ['access-token', 'expiry', 'token-type', 'uid', 'client'],
          :methods => [:get, :post, :delete, :put, :options, :head],
          :max_age => 0
      end
    end

I tried changing the storage from cookies to local/session storage, but the token doesnt even show in local/session storage when I do that.

Its important to note that I can still refresh, its only when refresh multiple times (validate the token multiple times in a row). I suspect its deleting the token to replace it and then the second refresh sees no token so raises a 401.

achadee avatar Apr 26 '17 06:04 achadee

UPDATE: The access token is being sent back in the headers for validate token, but not for api calls such as products/orders/customers

is this correct?

achadee avatar Apr 26 '17 08:04 achadee

Just to let everyone know, this is a hack but the issue was resolved by turning off validateOnPageLoad and writing up auth interceptors to signout the user when the api hits a 401.

achadee avatar Apr 28 '17 01:04 achadee