Persist session after refresh

[godtierbatuhan99]

Any idea how to persist the user's session after a googe LOGIN? From google we receive apparently an id_token... tried saving that in local storage but it has no effect. A silent authentication doensn't really work as well...

[VictorZakharov]

Also it's interesting that the demo page can log in automatically, but having the same code in my app needs to click the button. I don't understand why the behavior is different.

[lwestfall]

I duplicated this issue by accident in #747. I'll close and track here instead.

GoogleLoginProvider should persist the token(s?) to localStorage, and try to get them on initialize so it can instantiate _socialUser when present.

The issue is that on browser refresh for a signed-in user, _socialUser will always be null unless the user signs back in (even if we persist the token outside of the provider). This defeats any possibility of refreshing the token after a refresh (which itself seems broken, see #745)

I can attempt a PR this week.

Details to work out (some are notes to self):

• How to handle expired tokens (should it not instantiate _socialUser in this case?)
• signOut should clear anything the provider persists

[sscots]

+1
My issue is that if a user goes directly to a protected page, then I don't want to redirect them to a login page.

So I have a canActivate waiting on authState. If they aren't logged in, authState returns null 1 time. If they are logged in, it returns null 1st then the social user 2nd.
How do I know if authState is going to return once or twice?