Reloading the app causes 401 Unauthorised on first api call after token is validated

I’m submitting a…

• [x ] Regression (a behavior that used to work and stopped working in a new release)
• [x ] Bug report

Current behavior

If an existing and logged in user:

1. the user reloads the app using browser refresh,
2. then the token is validated correctly,
3. but the next call to the API fails as 401 Unauthorized.
4. all following calls succeed

Expected behavior

First request after reloading the app (ie. browser refresh) should not result in 401.

Environment

Angular-Token version: 6.0.3 & 6.0.4 Angular version: 6.1.7 Rails 5.1.6 devise_token_auth 0.2.0 Bundler

• Angular CLI (Webpack)

Browser:

• Chrome (desktop) version XX
• Chrome (Android) version XX
• Chrome (iOS) version XX
• Firefox version XX
• Safari (desktop) version XX
• Safari (iOS) version XX
• IE version XX
• Edge version XX

Other After the validate_token is called and a new token is sent back by the API, that token is written to localstorage. But the next api call (to get data) does not use it, it is still using the previous token.

The Rails api throws the error “Filter chain halted as authenticate_user! redirected”.

The next api request succeeds.

What is also strange is that if I add this test method to see what happens in the Rails application_controller, I get the output shown by “->”:

  before_action :test
  respond_to :json
  include Devise::Controllers::Helpers
  include DeviseTokenAuth::Concerns::SetUserByToken
  
  def test
    puts '****'
    puts request.env["HTTP_ACCESS_TOKEN"] -> shows the token (ie the old one)
    puts request.env["access-token"] -> shows nothing
    authenticate_user!
  end