@pim I have to maintain the state. There are requests that only a certain group is allowed to make, so in order to know who's making that request the token must be saved locally and be used in the Authorization HEADER every time a request is made .