getting ng-token-auth and devise_token_auth to work with OAuth in ionic InAppBrowser

Question

When I test the setup on my laptop Chrome browser everything works just fine using both sameWindow and newWindow: I am able to login though for example Facebook and the user is authorized and can use my app.

However, when I try to deploy the app to android and use the inAppBrowser things break. When selecting the 'login through FB' button in my app I can see the inAppBrowser frame come up with the Facebook mobile site asking to login. When I inspect that specific window through Chrome inspect, I can see that the callback from FB coming in to omniauth on my server including state and code in the querystring:

https://<app>.herokuapp.com/omniauth/facebook/callback?code=<code>&state=<state>

This request receives a 302 redirect to the following URL:

https://<app>.herokuapp.com/api/v1/auth/facebook/callback

This follow-up request receives a 200 response. So far it all seems fine and the inAppBrowser window closes, we get back to my mobile app and I see the ng-token-auth "auth:login-success" event passing by.

However, any subsequent API requests to my server receive a 401 Not Authorized response. When I look at the request headers of those API requests I don't see any of the headers that Chrome on my laptop is sending to the server such as: access-token, client, expiry, token-type and uid.

I would be very grateful for any advice on where to look or what I am missing here.

Thanks!

Answer 1

Turns out that when working with ionic and I assume it is the same with cordova, storing the tokens according to default behavior in the cookie does not work. However, once you configure it to work with localStorage it works great!

For more info see this issue I opened at the GitHub project.