From a04c2c281873e65910351a88f11bf0d703cca659 Mon Sep 17 00:00:00 2001 From: Sambego Date: Wed, 6 May 2020 10:44:53 +0200 Subject: [PATCH] Update the docs to show the injected HttpRequest in the token getter --- README.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 98383302..24df16d7 100644 --- a/README.md +++ b/README.md @@ -88,7 +88,7 @@ export class AppComponent { ## Configuration Options -### `tokenGetter: function` +### `tokenGetter: function(?HttpRequest)` The `tokenGetter` is a function which returns the user's token. This function simply needs to make a retrieval call to wherever the token is stored. In many cases, the token will be stored in local storage or session storage. @@ -104,6 +104,24 @@ JwtModule.forRoot({ }); ``` +If you have multiple tokens for multiple domains, you can use the `HttpRequest` passed to the `tokenGetter` function to get the correct token for each intercepted request. + +```ts +// ... +JwtModule.forRoot({ + config: { + // ... + tokenGetter: (request) => { + if (request.url.includes("foo")) { + return localStorage.getItem("access_token_foo"); + } + + return localStorage.getItem("access_token"); + }, + }, +}); +``` + ### `whitelistedDomains: array` Authenticated requests should only be sent to domains you know and trust. Many applications make requests to APIs from multiple domains, some of which are not controlled by the developer. Since there is no way to know what the API being called will do with the information contained in the request, it is best to not send the user's token to all APIs in a blind fashion.