readme updates and dist for 0.1.6

README.md

@@ -133,6 +133,8 @@ angular
     });
 ```
 
+Note that you only need to provide the domain. Protocols (ex: `http://`) and port numbers should be omitted. 
+
 ### Not Sending the JWT for Template Requests
 
 The `tokenGetter` method can have a parameter `options` injected by angular-jwt. This parameter is the options object of the current request.
@@ -187,9 +189,9 @@ angular
   }
 ```
 
-## Managing Authentication state with authManager
+## Managing Authentication state with `authManager`
 
-Almost all applications that implement authentication need some indication of whether the user is authenticated or not. The **authManager** service provides a way to determine if users are authenticated or not. This can be useful for conditionally showing and hiding different parts of the UI.
+Almost all applications that implement authentication need some indication of whether the user is authenticated or not and the **authManager** service provides a way to do this. Typical cases include conditionally showing and hiding different parts of the UI, checking whether the user is authenticated when the page is refreshed, and restricting routes to authenticated users.
 
 ```html
   <button ng-if="!isAuthenticated">Log In</button>
@@ -225,6 +227,42 @@ tokenGetter: ['options', function (options) {
 ...
 ```
 
+#### Responding to an Expired Token on Page Refresh
+
+If the user is holding an expired JWT when the page is refreshed, the action that is taken is at your discretion. You may use the `tokenHasExpired` event to listen for expired tokens on page refresh and respond however you like.
+
+```js
+// app.run.js
+
+...
+
+$rootScope.$on('tokenHasExpired', function() {
+  alert('Your session has expired!');
+});
+
+```
+### Limiting Access to Routes
+
+Access to various client-side routes can be limited to users who have an unexpired JWT, which is an indication that they are authenticated. Use `requiresLogin: true` on whichever routes you want to protect.
+
+```js
+...
+
+.state('ping', {
+  url: '/ping',
+  controller: 'PingController',
+  templateUrl: 'components/ping/ping.html',
+  controllerAs: 'vm',
+  data: {
+    requiresLogin: true
+  }
+});
+
+...
+```
+
+> **Note:** Protecting a route on the client side offers no guarantee that a savvy user won't be able to hack their way to that route. In fact, this could be done simply if the user alters the expiry time in their JWT with a tool like [jwt.io](https://jwt.io). Always ensure that sensitive data is kept off the client side and is protected on the server. 
+
 ### Redirecting the User On Unauthorized Requests
 
 When the user's JWT expires and they attempt a call to a secured endpoint, a 401 - Unauthorized response will be returned. In these cases you will likely want to redirect the user back to the page/state used for authentication so they can log in again. This can be done with the `redirectWhenUnauthenticated` method in the application's `run` block.

bower.json

@@ -1,6 +1,6 @@
 {
   "name": "angular-jwt",
-  "version": "0.1.3",
+  "version": "0.1.6",
   "description": "Library to help you work with JWTs on AngularJS",
   "authors": [
     {

dist/angular-jwt.js

@@ -21,6 +21,16 @@ angular.module('angular-jwt.authManager', [])
 
       var config = jwtOptions.getConfig();
 
+      function invokeToken(tokenGetter) {
+        var token = null;
+        if (Array.isArray(tokenGetter)) {
+          token = $injector.invoke(tokenGetter, this, {options: null});
+        } else {
+          token = config.tokenGetter();
+        }
+        return token;
+      }      
+
       $rootScope.isAuthenticated = false;
 
       function authenticate() {
@@ -33,16 +43,12 @@ angular.module('angular-jwt.authManager', [])
 
       function checkAuthOnRefresh() {
         $rootScope.$on('$locationChangeStart', function () {
-          var tokenGetter = config.tokenGetter;
-          var token = null;
-          if (Array.isArray(tokenGetter)) {
-            token = $injector.invoke(tokenGetter, this, {options: null});
-          } else {
-            token = config.tokenGetter();
-          }
+          var token = invokeToken(config.tokenGetter);
           if (token) {
             if (!jwtHelper.isTokenExpired(token)) {
               authenticate();
+            } else {
+              $rootScope.$broadcast('tokenHasExpired', token);
             }
           }
         });
@@ -59,6 +65,25 @@ angular.module('angular-jwt.authManager', [])
           unauthenticate();
         });
       }
+
+      function verifyRoute(event, next) {
+        if (!next) {
+          return false;
+        }
+
+        var routeData = (next.$$route) ? next.$$route : next.data;
+
+        if (routeData && routeData.requiresLogin === true) {
+          var token = invokeToken(config.tokenGetter);
+          if (!token || jwtHelper.isTokenExpired(token)) {
+            config.unauthenticatedRedirector($location);
+            event.preventDefault();
+          }
+        }
+      }
+
+      var eventName = ($injector.has('$state')) ? '$stateChangeStart' : '$routeChangeStart';
+      $rootScope.$on(eventName, verifyRoute);
 
       return {
         authenticate: authenticate,
@@ -68,7 +93,6 @@ angular.module('angular-jwt.authManager', [])
       }
     }]
   });
-
 angular.module('angular-jwt.interceptor', [])
   .provider('jwtInterceptor', function() {
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "angular-jwt",
-  "version": "0.1.5",
+  "version": "0.1.6",
   "description": "Library to help you work with JWTs on AngularJS",
   "main": "index.js",
   "license": "MIT",

src/angularJwt/services/authManager.js

@@ -5,6 +5,16 @@ angular.module('angular-jwt.authManager', [])
 
       var config = jwtOptions.getConfig();
 
+      function invokeToken(tokenGetter) {
+        var token = null;
+        if (Array.isArray(tokenGetter)) {
+          token = $injector.invoke(tokenGetter, this, {options: null});
+        } else {
+          token = config.tokenGetter();
+        }
+        return token;
+      }      
+
       $rootScope.isAuthenticated = false;
 
       function authenticate() {
@@ -17,13 +27,7 @@ angular.module('angular-jwt.authManager', [])
 
       function checkAuthOnRefresh() {
         $rootScope.$on('$locationChangeStart', function () {
-          var tokenGetter = config.tokenGetter;
-          var token = null;
-          if (Array.isArray(tokenGetter)) {
-            token = $injector.invoke(tokenGetter, this, {options: null});
-          } else {
-            token = config.tokenGetter();
-          }
+          var token = invokeToken(config.tokenGetter);
           if (token) {
             if (!jwtHelper.isTokenExpired(token)) {
               authenticate();
@@ -54,8 +58,8 @@ angular.module('angular-jwt.authManager', [])
         var routeData = (next.$$route) ? next.$$route : next.data;
 
         if (routeData && routeData.requiresLogin === true) {
-          var token = config.tokenGetter();
-          if (!token || jwtHelper.isTokenExpired(config.tokenGetter())) {
+          var token = invokeToken(config.tokenGetter);
+          if (!token || jwtHelper.isTokenExpired(token)) {
             config.unauthenticatedRedirector($location);
             event.preventDefault();
           }
@@ -72,4 +76,4 @@ angular.module('angular-jwt.authManager', [])
         redirectWhenUnauthenticated: redirectWhenUnauthenticated
       }
     }]
-  });
+  });