search

akveo / nebular

:boom: Customizable Angular UI Library based on Eva Design System :new_moon_with_face::sparkles:Dark Mode
https://akveo.github.io/nebular
MIT License
8.06k stars 1.51k forks source link

rememberMe unused in NbAuthService #114

Open gael-ft opened 6 years ago

gael-ft commented 6 years ago

Hi Akveo,

I see that when using NbAuthService for login: authService.authenticate('provider', 'data)...

The rememberMe checkbox (from your NbLoginComponent) is never checked before saving the token into TokenService https://github.com/akveo/nebular/blob/893d56adfe56a0d4f6e8fe9b9591a20e3bafade4/src/framework/auth/services/auth.service.ts#L134

Result: token is always saved (even if checkbox not checked). So when I close my browser and visit again, I'm still logged (token is still here because I did not logout).

Is this normal behavior ?

nnixaa commented 6 years ago

Hi @gael-ft, as for now we cound't decide where and how this logic should be implemented. Currently, the rememberMe flag is passed to your backend API alongside with login and password, so that for instance you can set an expiration date for the token (in case you use JWT). Otherwise, as far as I can tell we have to use cookies to implement the "remove token when the browser is closed" logic, which is not the way we would like to go on this, as cookie storage has enough of disadvantages.

I'm leaving this issue opened in case someone has a better idea on this.

dedpnd commented 6 years ago

Hi @nnixaa, i imagined it that way. If rememberMe is not selected then the token is recorded in sessionStorage, respectively, if selected then recorded in the localStorage.

nnixaa commented 6 years ago

@gael-ft this is a good point, though this would introduce a conditional switching between storages. Have to think about it.

ThrownLemon commented 6 years ago

@nnixaa 

  /**
   * Sets the user credentials.
   * The credentials may be persisted across sessions by setting the `remember` parameter to true.
   * Otherwise, the credentials are only persisted for the current session.
   * @param {Credentials=} credentials The user credentials.
   * @param {boolean=} remember True to remember credentials across sessions.
   */
  private setCredentials(credentials?: Credentials, remember?: boolean) {
    this._credentials = credentials || null;

    if (credentials) {
      const storage = remember ? localStorage : sessionStorage;
      storage.setItem(credentialsKey, JSON.stringify(credentials));
    } else {
      sessionStorage.removeItem(credentialsKey);
      localStorage.removeItem(credentialsKey);
    }
  }
prashantidealittechno commented 5 years ago

How does the remember me is working and how it will work if there is a method for saving the token in localStorage or sessionStorage?

Remember me also display even after setting 

    rememberMe: false,   // whether to show or not the `rememberMe` checkbox

It must be hidden if we set the value false.

StefanNienhuis commented 4 years ago

This issue has been inactive for more than a year, but hasn't been solved. I would like to see @ThrownLemon's solution implemented, or else it probably should be documented somewhere that this checkbox does nothing.

gentakme commented 2 years ago

Any update? how to store token in session instead of localstorage when "remember me" is unchecked? @nnixaa @ThrownLemon @yggg @prashantidealittechno @dedpnd

worawut-w commented 1 year ago

Is there any update to this issue?

danhanDEV1 commented 1 year ago

We still have this issue, any updates?