I have an Angular 16 project which I have served as a pwa. I would like to not use localstorage as the cache location for tokens but so far I haven’t been able to get the user experience to be anywhere near as great. Here is my AuthModule:
AuthModule.forRoot({
domain: environment.auth0Domain,
clientId: environment.auth0ClientId,
authorizationParams: {
redirect_uri: window.location.origin,
audience: environment.auth0Audience,
scope: ‘openid profile email offline_access’,
},
useRefreshTokens: true,
httpInterceptor: {
allowedList: [{
uri: environment.auth0ApiUri
}]
}
}),
I am able to refresh the page and the user remains logged in but it is doing the full redirect to auth0 so my app loads much slower. I have read an article about using silent authentication and then this article that talks about refresh tokens but I don’t understand how that will be able to work well either since everything is still in memory and gets lost on refresh. Am I misunderstanding the article?
Right now it seems like it my refresh is working because my app via the AuthGuard realizes it’s on a protected route, thinks the user is not logged in so it redirects to the auth server, the auth server then recognizes that there was a session from this device/browser before and returns without having the user log in all over again(essentially returning the previous session). This works but the real problem is that it takes 1.5 seconds to complete this process while the localstorage solution loads in under half a second.
Hopefully I am just missing something but I have kept the setup pretty simple in that I have really just followed the quickstart for angular and then the calling an api followup steps.
Thank you in advance for your help!
I am on:
@auth0/auth0-angular: ^2.2.1
and
@auth0/auth0-spa-js: ^2.1.2