Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

SOLVED: Ajax request's cookies do not store in Firefox and Chrome - Angular 4

Ivan Arantes:

Here in the company we have an angular 4.3 app and I've been working with OAuth and JWT authentication + Spring Boot/Security backend. The authentication is working fine, but i have problems when i want to renew the Token after it expires using 'refresh_token'.

Firefox and Chrome are not saving the Response cookies with the refreshToken, so when i do the Ajax post method to receive a new accessToken, the cookie is not being sent together and then i get the error message at the backend "Cannot convert access token to JSON" which i believe it's because the token is null.

I have already searched for others questions but none of them helped me :(

It works fine on IE 11.

URIConstantes.LOGIN = 'http://localhost:9090/oauth/token';

Here is the code for login request that works but do not store cookie:

login(formGroup: FormGroup): Observable {
const headers = new Headers();
headers.append('Authorization', 'Basic xxxxxxxxxxxx')
headers.append('Content-Type', 'application/x-www-form-urlencoded');
let user = formGroup.get('username').value;
let password = formGroup.get('password').value;
const body = 'username=' + user + '&password=' + password + '&grant_type=password';
return, body, {headers: headers})
.map((response: Response) => {
let token = response.json()['access_token'];
if (token != null) {
this.token = token;
return true;
} else {
// return false to indicate failed login
return false;

Generate new access token method:

obterNovoAccessToken(): Observable {
const headers = new Headers();
headers.append('Content-Type', 'application/x-www-form-urlencoded')
headers.append('Authorization', 'Basic xxxxxxxxxxxxx')

const body = 'grant_type=refresh_token';
return, body, { headers, withCredentials: true })
.map(response => {
console.log('Novo access token criado!');
response => {
console.error('Erro ao renovar token.', response.json());
return Promise.resolve(null);

RefreshTokenPostProcessor class:

public class RefreshTokenPostProcessor implements ResponseBodyAdvice {

public boolean supports(MethodParameter returnType, Class extends HttpMessageConverter>> converterType) {
return returnType.getMethod().getName().equals("postAccessToken");

public OAuth2AccessToken beforeBodyWrite(OAuth2AccessToken body, MethodParameter returnType,
MediaType selectedContentType, Class extends HttpMessageConverter>> selectedConverterType,
ServerHttpRequest request, ServerHttpResponse response) {

HttpServletRequest req = ((ServletServerHttpRequest) request).getServletRequest();
HttpServletResponse resp = ((ServletServerHttpResponse) response).getServletResponse();

DefaultOAuth2AccessToken token = (DefaultOAuth2AccessToken) body;

String refreshToken = body.getRefreshToken().getValue();
adicionarRefreshTokenNoCookie(refreshToken, req, resp);

return body;

private void removerRefreshTokenDoBody(DefaultOAuth2AccessToken token) {

//add token on cookie response
private void adicionarRefreshTokenNoCookie(String refreshToken, HttpServletRequest req, HttpServletResponse resp) {
Cookie refreshTokenCookie = new Cookie("refreshToken", refreshToken);
refreshTokenCookie.setPath(req.getContextPath() + "/oauth/token");


Response cookie after login:

value: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
expires: 2017-10-01T21:03:13.000Z,
path: '/oauth/token',
httpOnly: true

What I've already tried without success:

- Added 'Domain: Localhost' on response header.

- Checked if the origin-request matches CORS 'Access-Control-Allow-Origin'

Thank you very much!

Posted in S.E.F
via StackOverflow & StackExchange Atomic Web Robots
This Question have been answered

This post first appeared on Stack Solved, please read the originial post: here

Share the post

SOLVED: Ajax request's cookies do not store in Firefox and Chrome - Angular 4


Subscribe to Stack Solved

Get updates delivered right to your inbox!

Thank you for your subscription