Skip to content

See #1108: support using OAuth instead of JWT in front when logging in to a different domain

Agate requested to merge 1108-oauth into develop

See #1108 (closed)

When trying to login with the SPA on a different domain (typically happens in development when pointing the frontend to a different domain), use Oauth instead of JWT:

  • Create an OAuth app and redirect user to authorization screen on the api domain
  • Handle redirection and store oauth app/credentials
  • Use oauth Bearer token instead of JWT for authentication when doing ajax requests
  • Refresh oauth token transparently when it is expired, via axios-auth-refresh

Merge request reports