Nebular: rememberMe unused in NbAuthService

Created on 27 Dec 2017  路  6Comments  路  Source: akveo/nebular

Hi Akveo,

I see that when using NbAuthService for login:
authService.authenticate('provider', 'data)...

The rememberMe checkbox (from your NbLoginComponent) is never checked before saving the token into TokenService
https://github.com/akveo/nebular/blob/893d56adfe56a0d4f6e8fe9b9591a20e3bafade4/src/framework/auth/services/auth.service.ts#L134

Result: token is always saved (even if checkbox not checked). So when I close my browser and visit again, I'm still logged (token is still here because I did not logout).

Is this normal behavior ?

enhancement help wanted auth needs docs
Source
picture gael-ft
👍4

Most helpful comment

This issue has been inactive for more than a year, but hasn't been solved. I would like to see @ThrownLemon's solution implemented, or else it probably should be documented somewhere that this checkbox does nothing.

picture StefanNienhuis on 18 Mar 2020
👍4

All 6 comments

Hi @gael-ft, as for now we cound't decide where and how this logic should be implemented.
Currently, the rememberMe flag is passed to your backend API alongside with login and password, so that for instance you can set an expiration date for the token (in case you use JWT). Otherwise, as far as I can tell we have to use cookies to implement the "remove token when the browser is closed" logic, which is not the way we would like to go on this, as cookie storage has enough of disadvantages.

I'm leaving this issue opened in case someone has a better idea on this.

nnixaa picture nnixaa on 16 Jan 2018

Hi @nnixaa, i imagined it that way.
If rememberMe is not selected then the token is recorded in sessionStorage, respectively, if selected then recorded in the localStorage.

dedpnd picture dedpnd on 23 May 2018

@gael-ft this is a good point, though this would introduce a conditional switching between storages. Have to think about it.

nnixaa picture nnixaa on 30 May 2018

@nnixaa 

  /**
   * Sets the user credentials.
   * The credentials may be persisted across sessions by setting the `remember` parameter to true.
   * Otherwise, the credentials are only persisted for the current session.
   * @param {Credentials=} credentials The user credentials.
   * @param {boolean=} remember True to remember credentials across sessions.
   */
  private setCredentials(credentials?: Credentials, remember?: boolean) {
    this._credentials = credentials || null;

    if (credentials) {
      const storage = remember ? localStorage : sessionStorage;
      storage.setItem(credentialsKey, JSON.stringify(credentials));
    } else {
      sessionStorage.removeItem(credentialsKey);
      localStorage.removeItem(credentialsKey);
    }
  }
ThrownLemon picture ThrownLemon on 26 Sep 2018

How does the remember me is working and how it will work if there is a method for saving the token in localStorage or sessionStorage?

Remember me also display even after setting 

    rememberMe: false,   // whether to show or not the `rememberMe` checkbox

It must be hidden if we set the value false.

prashantidealittechno picture prashantidealittechno on 10 Dec 2018

This issue has been inactive for more than a year, but hasn't been solved. I would like to see @ThrownLemon's solution implemented, or else it probably should be documented somewhere that this checkbox does nothing.

StefanNienhuis picture StefanNienhuis on 18 Mar 2020
👍4
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mobarokhossain picture mobarokhossain  路  4Comments
ChristianVega5421 picture ChristianVega5421  路  3Comments
andredatsch picture andredatsch  路  3Comments
dragonbane0 picture dragonbane0  路  3Comments
maihannijat picture maihannijat  路  3Comments