This post is mainly a small set of opinions I have about how the current documentation and sample code, for web SPA clients that use the Angular (2+) framework, are out of date to the point that they are now confusing. IOW, almost as much harm as good.
Here are my points, very short and sweet. Let me know if you’d like me to elaborate:
All current samples use “angular2-jwt” as an npm dependency. This package has been deprecated, and all samples should instead use ’ “@auth0/angular-jwt”: “^1.0.0-beta.9” ’
… this has important ramifications for client-session management (see below)
Once a dev figures out he/she should be using “@auth0/angular-jwt” in their (angular) clients, they visit https://www.npmjs.com/package/@auth0/angular-jwt. Unfortunately, the repo pointed to by this package is still “github.com/auth0/angular2-jwt”, which is wrong & confusing
Once a dev figures out that the real github repo is here: https://github.com/auth0/angular-jwt, the README (though voluminus) is 100% geared towards angular-js. As we all know, angular-js & Angular(2+) are different animals.
Once a dev figures out that they should read this article: https://medium.com/@augiegardner/angular-upgrading-your-jwt-strategy-from-angular2-jwt-to-auth0-angular-jwt-92caead47fef, then they (finally) head back here to read the best doco available: https://www.npmjs.com/package/@auth0/angular-jwt
Once a dev figures out how to properly use “@auth0/angular-jwt”, there are still no examples provide for how to create a (simple, but effective) custom “tokenGetter()” function, that attempts to refresh a token (via SSO session / checkSession()) if/when an existing access_token is expired
To make a long story short, the current Angular samples here (https://github.com/auth0-samples/auth0-angular-samples), are not bad, they are just out of date, and they don’t demonstrate how to provide a properly managed client session. It took me >1 months to snake through the above path, before I finally have my own “template-angular-web” repo that is useful for my company’s developers.