Oauth consumptions invalidated in typescript


I have a query in an OAuth application and in case the access token has expired I want to automatically request a new token to the endpoint but , How do I do that in the same chain of events?

That is:


The system requests the resource with the access token but it is rejected.

I require that the same system and without the participation of the user request a new token to the endpoint token and with the new request the resource.

This process should be transparent to just one click , does anyone have any idea how to do that in Angular 2 ?

asked by programmercito 23.03.2017 в 17:28

2 answers


good morning, after so much discussion and after having read this link that seems the most reasonable: link what should be used is a cookie and a token also in the session storage or localstorage which makes invulnerable to "direct" attacks on both sides, ie making calls from another domain or making calls by inserting scripts, so that it is totally sure to use oauth or other.

answered by 03.04.2017 / 16:51

If you are using Oauth it is recommended that your service return 3 things

  • Life time: to know when it expires
  • accessToken: its name says it
  • Refreshtoken: the refresh token allows you to request more accesstokens

The refreshtoken has no expiration date as the accesstoken and is generally ONE USE ONLY , once used it no longer works, unlike the access token that you can continue using it, so If the request for the new accesstoken fails then the user will have to enter their credentials again (we will have to log in again).

Once the refreshtoken is used you must return the same 3 things.

What I recommend is that you save the refreshtoken on your application server and use ajax / $ http to make a call to some endpoint (eg link ) for the server to process the new accesstoken with the authentication server.

The implementation of the client side varies depending on the authentication server and which Oauth library is using.

This process some call it the "Oauth dance" would be every time your token expires, it is annoying but it is thought for security after all.

answered by 24.03.2017 в 00:40