
Angularjs - Handling Refresh Token?

I'm building a SPA with AngularJS with communication to a service (Java). When the user sends his username/pass, the service sends back both: Access token and Refresh token. I'm trying to h

Solution 1:

Have a look at this: https://github.com/witoldsz/angular-http-auth.

He uses a buffer to replay the requests after authentication.
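The buffer-and-replay pattern this answer refers to, as an added example that is not taken from angular-http-auth or from the original answer: requests that come back with 401 are queued, a single refresh runs, and the queue is replayed with the new token. `createAuthBuffer`, `send`, `refresh` and the fake backend in `demo` are assumptions made for illustration.

```javascript
// Added illustration; createAuthBuffer, send and refresh are hypothetical names,
// not the angular-http-auth API.
function createAuthBuffer(send, refresh, initialToken) {
  let token = initialToken; // access token held in memory only
  let pending = [];         // requests rejected with 401, waiting for replay
  let refreshing = false;   // true while one refresh call is in flight

  function drain(handle) {
    const queued = pending;
    pending = [];
    refreshing = false;     // reset in the same tick so later 401s start a new refresh
    queued.forEach(handle);
  }

  function startRefresh() {
    if (refreshing) return; // single-flight: concurrent 401s share one refresh
    refreshing = true;
    refresh().then(
      (fresh) => {
        token = fresh;
        // Replay through send(), not request(), so a second 401 is returned
        // to the caller instead of looping.
        drain((q) => send(q.config, token).then(q.resolve, q.reject));
      },
      (err) => drain((q) => q.reject(err)) // refresh failed: fail every waiter
    );
  }

  return function request(config) {
    return send(config, token).then((res) => {
      if (res.status !== 401) return res;
      return new Promise((resolve, reject) => {
        pending.push({ config, resolve, reject });
        startRefresh();
      });
    });
  };
}

// Constructed fake backend: accepts only the token "t2"; refresh issues "t2".
function demo() {
  let refreshCalls = 0;
  const send = (config, tok) =>
    Promise.resolve(tok === "t2" ? { status: 200, url: config.url } : { status: 401 });
  const refresh = () => { refreshCalls += 1; return Promise.resolve("t2"); };
  const request = createAuthBuffer(send, refresh, "t1-expired");
  return Promise.all(["/a", "/b", "/c"].map((url) => request({ url })))
    .then((responses) => ({ responses, refreshCalls }));
}
```

Three concurrent requests with an expired token trigger one refresh, not three, and a failed refresh rejects every queued request so the application can send the user back to login.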

Solution 2:

I would strongly advise against sending and storing refresh tokens on SPAs like Angular.

If you are using session storage or local storage, you are opening a window of opportunity for this refreshToken to be captured, either by an XSS attack, or by the user leaving the computer unattended.

See this article or this question for more info.
