oauthjs · jonkoops · Jun 22, 2016
diff --git a/README.md b/README.md
@@ -17,7 +17,6 @@ Choose your preferred method:
 ###### 1. Download `angular-oauth2` dependencies.
 
 * [angular](https://github.com/angular/bower-angular)
-* [angular-cookies](https://github.com/angular/bower-angular-cookies)
 * [query-string](https://github.com/sindresorhus/query-string)
 
 If you're using `bower` they will be automatically downloaded upon installing this library.
@@ -26,7 +25,6 @@ If you're using `bower` they will be automatically downloaded upon installing th
 
 ```html
 <script src="<VENDOR_FOLDER>/angular/angular.min.js"></script>
-<script src="<VENDOR_FOLDER>/angular-cookies/angular-cookies.min.js"></script>
 <script src="<VENDOR_FOLDER>/query-string/query-string.js"></script>
 <script src="<VENDOR_FOLDER>/angular-oauth2/dist/angular-oauth2.min.js"></script>
 ```
@@ -88,8 +86,7 @@ Check authentication status:
 
 ```js
 /**
- * Verifies if the `user` is authenticated or not based on the `token`
- * cookie.
+ * Verifies if the `user` is authenticated or not based on the token.
  *
  * @return {boolean}
  */
@@ -101,7 +98,7 @@ Get an access token:
 
 ```js
 /**
- * Retrieves the `access_token` and stores the `response.data` on cookies
+ * Retrieves the `access_token` and stores the `response.data` in session
  * using the `OAuthToken`.
  *
  * @param {object} user - Object with `username` and `password` properties.
@@ -116,7 +113,7 @@ Refresh access token:
 
 ```js
 /**
- * Retrieves the `refresh_token` and stores the `response.data` on cookies
+ * Retrieves the `refresh_token` and stores the `response.data` in session
  * using the `OAuthToken`.
  *
  * @return {promise} A response promise.
@@ -129,7 +126,7 @@ Revoke access token:
 
 ```js
 /**
- * Revokes the `token` and removes the stored `token` from cookies
+ * Revokes the `token` and removes the stored `token` from session
  * using the `OAuthToken`.
  *
  * @return {promise} A response promise.
@@ -147,16 +144,11 @@ OAuth.revokeToken()
 
 #### OAuthTokenProvider
 
-`OAuthTokenProvider` uses [angular-cookies](https://github.com/angular/bower-angular-cookies) to store the cookies. Check the [available options](https://code.angularjs.org/1.4.0/docs/api/ngCookies/service/$cookies).
-
 Configuration defaults:
 
 ```js
 OAuthTokenProvider.configure({
-  name: 'token',
-  options: {
-    secure: true
-  }
+  name: 'token'
 });
 ```
 

diff --git a/bower.json b/bower.json
@@ -24,7 +24,6 @@
   ],
   "dependencies": {
     "angular": "^1.4.0",
-    "angular-cookies": "^1.4.0",
     "query-string": "^1.0.0"
   }
 }
diff --git a/gulpfile.js b/gulpfile.js
@@ -29,13 +29,13 @@ var config = {
     template: `
       (function(root, factory) {
         if (typeof define === 'function' && define.amd) {
-          define([ "angular", "angular-cookies", "query-string" ], factory);
+          define([ "angular", "query-string" ], factory);
         } else if (typeof exports === 'object') {
-          module.exports = factory(require("angular"), require("angular-cookies"), require("query-string"));
+          module.exports = factory(require("angular"), require("query-string"));
         } else {
-          root.<%= namespace %> = factory(root.angular, 'ngCookies', root.queryString);
+          root.<%= namespace %> = factory(root.angular, root.queryString);
         }
-      }(this, function(angular, ngCookies, queryString) {
+      }(this, function(angular, queryString) {
         <% if (exports) { %>
           <%= contents %>
           return <%= exports %>;

diff --git a/karma.conf.js b/karma.conf.js
@@ -15,7 +15,6 @@ module.exports = function(config) {
     browsers: [argv.browsers || 'Chrome'],
     files: [
       'node_modules/angular/angular.js',
-      'node_modules/angular-cookies/angular-cookies.js',
       'node_modules/query-string/query-string.js',
       'node_modules/lodash/lodash.js',
       'node_modules/angular-mocks/angular-mocks.js',

diff --git a/package.json b/package.json
@@ -23,7 +23,6 @@
   "homepage": "https://github.com/seegno/angular-oauth2",
   "dependencies": {
     "angular": "^1.4.0",
-    "angular-cookies": "^1.4.0",
     "query-string": "^1.0.0"
   },
   "devDependencies": {

diff --git a/src/angular-oauth2.js b/src/angular-oauth2.js
@@ -8,11 +8,8 @@ import OAuthProvider from './providers/oauth-provider';
 import OAuthTokenProvider from './providers/oauth-token-provider';
 import oauthConfig from './config/oauth-config';
 import oauthInterceptor from './interceptors/oauth-interceptor';
-import ngCookies from 'angular-cookies';
 
-var ngModule = angular.module('angular-oauth2', [
-    ngCookies
-  ])
+var ngModule = angular.module('angular-oauth2', [])
   .config(oauthConfig)
   .factory('oauthInterceptor', oauthInterceptor)
   .provider('OAuth', OAuthProvider)

diff --git a/src/providers/oauth-provider.js b/src/providers/oauth-provider.js
@@ -91,8 +91,7 @@ function OAuthProvider() {
       }
 
       /**
-       * Verifies if the `user` is authenticated or not based on the `token`
-       * cookie.
+       * Verifies if the `user` is authenticated or not based on the token.
        *
        * @return {boolean}
        */
@@ -102,7 +101,7 @@ function OAuthProvider() {
       }
 
       /**
-       * Retrieves the `access_token` and stores the `response.data` on cookies
+       * Retrieves the `access_token` and stores the `response.data` in session
        * using the `OAuthToken`.
        *
        * @param {object} data - Request content, e.g., `username` and `password`.
@@ -137,7 +136,7 @@ function OAuthProvider() {
       }
 
       /**
-       * Retrieves the `refresh_token` and stores the `response.data` on cookies
+       * Retrieves the `refresh_token` and stores the `response.data` in session
        * using the `OAuthToken`.
        *
        * @param {object} data - Request content.
@@ -173,7 +172,7 @@ function OAuthProvider() {
       }
 
       /**
-       * Revokes the `token` and removes the stored `token` from cookies
+       * Revokes the `token` and removes the stored `token` in session
        * using the `OAuthToken`.
        *
        * @param {object} data - Request content.

diff --git a/src/providers/oauth-token-provider.js b/src/providers/oauth-token-provider.js
@@ -11,10 +11,7 @@ import angular from 'angular';
 
 function OAuthTokenProvider() {
   var config = {
-    name: 'token',
-    options: {
-      secure: true
-    }
+    name: 'token'
   };
 
   /**
@@ -39,23 +36,29 @@ function OAuthTokenProvider() {
    * OAuthToken service.
    */
 
-  this.$get = function($cookies) {
+  this.$get = function() {
     class OAuthToken {
 
       /**
        * Set token.
        */
 
       setToken(data) {
-        return $cookies.putObject(config.name, data, config.options);
+        sessionStorage.setItem(config.name, JSON.stringify(data));
       }
 
       /**
        * Get token.
        */
 
       getToken() {
-        return $cookies.getObject(config.name);
+        var token = JSON.parse(sessionStorage.getItem(config.name));
+
+        if (null === token) {
+          return;
+        }
+
+        return token;
       }
 
       /**
@@ -99,14 +102,12 @@ function OAuthTokenProvider() {
        */
 
       removeToken() {
-        return $cookies.remove(config.name, config.options);
+        sessionStorage.removeItem(config.name);
       }
     }
 
     return new OAuthToken();
   };
-
-  this.$get.$inject = ['$cookies'];
 }
 
 /**

diff --git a/test/mocks/angular-cookies.mock.js b/test/mocks/angular-cookies.mock.js
diff --git a/test/unit/interceptors/oauth-interceptor.spec.js b/test/unit/interceptors/oauth-interceptor.spec.js
@@ -5,7 +5,7 @@
 
 describe('oauthInterceptor', function() {
   beforeEach(function() {
-    angular.mock.module('angular-oauth2', 'angular-cookies.mock');
+    angular.mock.module('angular-oauth2');
   });
 
   afterEach(inject(function(OAuthToken) {

diff --git a/test/unit/providers/oauth-provider.spec.js b/test/unit/providers/oauth-provider.spec.js
@@ -125,7 +125,7 @@ describe('OAuthProvider', function() {
 
   describe('$get()', function() {
     beforeEach(function() {
-      angular.module('angular-oauth2.test', ['angular-cookies.mock'])
+      angular.module('angular-oauth2.test', [])
         .config(function(OAuthProvider) {
           OAuthProvider.configure(defaults);
         });
@@ -138,13 +138,13 @@ describe('OAuthProvider', function() {
     }));
 
     describe('isAuthenticated()', function() {
-      it('should be true when there is a stored `token` cookie', inject(function(OAuth, OAuthToken) {
+      it('should be true when there is a stored token', inject(function(OAuth, OAuthToken) {
         OAuthToken.setToken({ token_type: 'bearer', access_token: 'foo', expires_in: 3600, refresh_token: 'bar' });
 
         OAuth.isAuthenticated().should.be.true;
       }));
 
-      it('should be false when there is no stored `token` cookie', inject(function(OAuth) {
+      it('should be false when there is no stored token', inject(function(OAuth) {
         OAuth.isAuthenticated().should.be.false;
       }));
     });

diff --git a/test/unit/providers/oauth-token-provider.spec.js b/test/unit/providers/oauth-token-provider.spec.js
@@ -32,7 +32,7 @@ describe('OAuthTokenProvider', function() {
 
   describe('$get()', function() {
     beforeEach(function() {
-      angular.module('angular-oauth2.test', ['angular-cookies.mock'])
+      angular.module('angular-oauth2.test', [])
         .config(function(OAuthProvider) {
           OAuthProvider.configure({
             baseUrl: 'https://api.website.com',