Angularjs - Send authorization header in redirection with $window.open

Question

As mentioned in the title, I want to perform a redirection from an angularJs application residing in localhost:port1 to another angularJs application in localhost:port2.
The two application are secured using openid-connect server and this angualrjs directive.

The problem is when I'm logged in the first app and I perform a redirection to the second app, it tells me to re-sign in as if i'm not authenticated.

So I've figured a workaroud for this problem: I sent the access_token in the redirect url and used it in the second app..

But I read that it's a bad practise to expose the access_token in the URL ..

So my question is is there a way to send an authorization header with redirection using $window.open(url) .. ?

thanks is advance .

Answer 1

No, you cannot set a header because the header you receive, is coming from back-end. You just ask the browser to change the url. And you do not want to put access_token in the url (wise action).

The solution that comes to my mind is to write the access_token in session-storage. It is safe because it is only accessible to current tab. The second angularjs application can check the session-storage on start-up and use it if it exists.

Update: Session storage is port specific so it does not work on this case:

The second solution would be using cookies, unlike sessionStorages, cookies are not port specific. So when the second angularjs application comes up, it can check the cookies to see if the authentication token exists or not, if it exists then it does not goto sign-in page.