I have an angular app and I have the spring-boot app for the stormpath java SDK for authentication. I have all the endpoints created for registration,receive token, Refresh token etc.
I have the registration flow setup and I am able to login the user. These are the few questions I am having trouble to handle on the app.
Once I have the access_token, How do I make sure that it is passed with the request for all the api calls being made by the app.
How do I automatically refresh the Token when a new request is made.
How do I know the access_token has expired so that I can throw a pop up to ask to continue and then refresh the token.
I have been trying to read to find a proper solution for this but all the tutorials explain just the login functionality with either facebook,twitter etc.
I donot have node.js/express in my app yet if it is really needed then i can incorporate that as well but do I really need it since I have the api endpoints created to get me the info I need.
Can provide more info if needed.
Any suggestions or inputs are appreciated to get me rolling.
I work at Stormpath.
We use a secure cookie strategy for storing the access and refresh token on the client, this allows us to transparently issue new access token when it expires. It also makes it easy to authenticate all requests from your Angular app, without doing anything special.
We discuss this strategy at a high level in our Express.js documentation:
http://docs.stormpath.com/nodejs/express/latest/authentication.html#cookie-authentication
We're currently working on adding the same logic to our Java SDK, and I'm told that this may be available in master as soon as next week. I'd watch the repo for updates :)