In order to avoid Cors issue when http call is done, please install this google extension: https://chrome.google.com/webstore/detail/allow-cors-access-control/lhobafahddgcelffkeicbaginigeej
This google extension allows to make the calls and avoid to have an "Access-Control-Allow-Origin" issue. The token is saved in local with the localStorage provides by Javascript.