achimha
commented
7 years ago This is where a hardcoded access to localStorage is made, irrespective of what tokenGetter is set to:
Closed achimha closed 7 years ago
achimha
commented
7 years ago This is where a hardcoded access to localStorage is made, irrespective of what tokenGetter is set to:
chenkie
commented
7 years ago That's going to be removed for 1.0 in favor of using the tokenGetter from the config. That way people can store their tokens in other places if they like and it'll be up to them to tell tokenNotExpired how to retrieve them. This is also where the user can decide to use a try/catch or setup some kind of cookie fallback. So basically, this will be fixed in the future :)
escardin
commented
7 years ago @achimha if you call tokenNotExpired yourself, then there is the possibility of it using the hard coded local storage call. The way we are using it, we are passing a token as the second argument that was fetched using the token getter. If your token is falsy, then it will attempt the hard-coded local storage fetch with the default token id. I know it's confusing, and I know it's not ideal. As @chenkie said we'll be fixing it in 1.0.
escardin
commented
7 years ago Duplicates #11
The code currently assumes that
localStorageis available. On Mobile Safari, you can block cookies which also blocks local storage. In this case the browser throws an exception "SecurityError: Dom Exception 18" when trying access the variable.Should
angular-jwttest for availability and avoid touching local storage if unavailable? Or at least guard all accesses with a try/catch block?