JHipster JWT authentication across browser tabs

7
votes

I'm getting started with jHipster.. I have configured to use JWT for authentication.

When signed in using one tab and try to open secured page in other tab, I'm not authenticated in the new tab Is this the default behavior of JHipster? Is it possible to configure token sharing across multiple browser tabs?

I tested more and below is my observation. When using HTTP session based authentication and OAuth2 based JWT authentication, I'm authenticated across different tabs. But when I use JWT based authentication, when logged in one tab, I'm not authenticated in a new tab. I tested this using production configuration too.. It has the same behavior.

I'm not sure if this is the default behavior of JHipster.. but i feel the behavior is inconsistent between different authentication methods... One observation is OAuth2 uses browser localstorage and plain JWT uses sessionstorage.. When using session storage, the tokens are not visible between the tabs... This explains the behavior.

Is this the default behavior of JHipster?

1
authenticationoauth-2.0jwtjhipster
First, Auth0 is not an authentication type of JHipster. Where to store JWT has been discussed several times in JHipster github issues with no real conclusion like here github.com/jhipster/generator-jhipster/issues/3405 . Third option is http-only secure cookies. - Gaël Marziou
It was supposed to be OAuth2. I have updated in question. Still the question remains unanswered - Swadeesh
Yes that's my point, there's currently no definitive answer yet. Work is being done on auth2 refresh tokens and the http-only secure cookie storage has been chosen. See github.com/jhipster/generator-jhipster/pull/5812 - Gaël Marziou
If you prefer localstorage over sesionstorage, just switch to it in the angular code, it's easy to do. - Gaël Marziou
Possible duplicate of JWT: how to handle GET requests when user opens a new tab? - Chris

1 Answers

1
votes

Try to click "Remember me" button. So, it will remember you accross tabs.