See #1108 (closed)
When trying to login with the SPA on a different domain (typically happens in development when pointing the frontend to a different domain), use Oauth instead of JWT:
-
Create an OAuth app and redirect user to authorization screen on the api domain -
Handle redirection and store oauth app/credentials -
Use oauth Bearertoken instead of JWT for authentication when doing ajax requests -
Refresh oauth token transparently when it is expired, via axios-auth-refresh