Satellizer doesn't apply Authorization header if token has expired (via isAuthenticated)? #777

Open
roberttolton opened this issue Mar 25, 2016 · 3 comments


@roberttolton

So, I'm trying to implement token refreshing based on this comment:
#58 (comment)

However, my API never gets the chance to reply with a 401 Unauthorized because Satellizer removes the Authorization header of a request that occurs after the expiration time of the token. So, because the Authorization header isn't set, my API replies with a 400 Bad Request because the token is MISSING, not because it has expired and needs refreshing.

Any ideas?

Would it be better to implement a timer in AngularJS set for shorter than my API's expiration time, or to refresh and set a new token on the client in every request?

Thanks!

@daniel-seitz

Same here. The token should always be sent if present. Also when it is expired.

We need to check it on the backend anyway and return a corresponding status code. We could also implement functionality on the front end to show/do something when we have an expired token and despite this, I see no additional use for not sending the expired token.

Is there a use case?

@ketysek

ketysek commented Aug 10, 2016

Ach ... I tried to solve token expiration via angular-http-auth-interceptor (a whole afternoon), but it can't work when the server is responding with error 400 (token_not_provided) ... Why doesn't Satellizer include the token even if it's expired? I don't see the logic ... :(

@loginov-rocks

loginov-rocks commented Sep 27, 2016

@ketysek #58 (comment)
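
Added example, not part of the thread and not Satellizer's own code: a plain Node.js model of the two client policies discussed above and of an API that answers 400 for a missing token and 401 for an expired one, as the original poster describes. All function names are hypothetical, the tokens are constructed and unsigned, and treating a malformed token as 400 is an assumption.

```javascript
// Constructed, unsigned JWT-shaped tokens; signature checks are out of scope.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const makeToken = (exp) =>
  [b64url({ alg: 'none', typ: 'JWT' }), b64url({ sub: 'demo', exp }), 'sig'].join('.');

// Read the exp claim (seconds since epoch); null if absent or unparsable.
function readExp(token) {
  try {
    const part = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
    const exp = JSON.parse(Buffer.from(part, 'base64').toString('utf8')).exp;
    return typeof exp === 'number' ? exp : null;
  } catch (e) {
    return null;
  }
}

// Client policy reported in the thread: attach the header only while the
// stored token has not expired.
function headersGatedOnExpiry(token, nowSec) {
  const exp = readExp(token);
  const unexpired = Boolean(token) && (exp === null || exp > nowSec);
  return unexpired ? { Authorization: 'Bearer ' + token } : {};
}

// Client policy the commenters ask for: attach whenever a token is stored
// and let the API judge expiry.
function headersAlwaysAttach(token) {
  return token ? { Authorization: 'Bearer ' + token } : {};
}

// API side: 400 when no usable token arrives, 401 when it has expired.
function apiStatus(headers, nowSec) {
  const m = /^Bearer (.+)$/.exec(headers.Authorization || '');
  if (!m) return 400; // missing: a client-side refresh handler never triggers
  const exp = readExp(m[1]);
  if (exp === null) return 400; // malformed (assumed to be treated like missing)
  return exp > nowSec ? 200 : 401; // 401 is the signal to refresh and retry
}

const now = 1000;              // constructed clock value, in seconds
const stale = makeToken(500);  // expired relative to `now`
console.log('gated on expiry:', apiStatus(headersGatedOnExpiry(stale, now), now));
console.log('always attach:  ', apiStatus(headersAlwaysAttach(stale), now));
```

With the gated policy the expired token never reaches the API, so a refresh flow keyed on 401 has nothing to react to; the server still has to validate every token it receives under either policy.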
