I got following oauth2 implementation:
- My front-end (SPA), written in angular2 is served from
frontend.mydomain.com. - When user is logging in, he is connecting to
auth.mydomain.com, backend responds with access token, and set httpOnly cookie containing refresh token.
this is how I set cookie:
@RequestMapping(path="/retrieve", method = RequestMethod.GET)public String getToken(HttpServletResponse resp, @RequestParam("username") String username, @RequestParam("password") String password) { String[] tokens = //retrieve tokens logic, values are not important Cookie cookie = new Cookie("token", tokens[1]); resp.addCookie(cookie); return tokens[2];}- Data is retrieved from
resources.mydomain.com(requests are send with access token) - when token expires I want to refresh it via sending request to
auth.mydomain.com- server should retrieve refresh token from cookie and respond with new access token.
I think that I have issue in point 2, which is affecting point 4 - no cookie is sent. org.springframework.web.bind.ServletRequestBindingException: Missing cookie 'token' for method parameter of type Object
Why? What can I do to force browser to save and send this cookie?
When I take a look inside my browser (developer tooles) I can see that rest response sends cookie: 
But no cookie is stored in the browser: