Commit 14b6f808 authored by Barbora Kompišová's avatar Barbora Kompišová

authorization flow

parent bd285826
+21 −19
@@ -17,10 +17,25 @@ export class AuthenticatedGuard implements CanActivate, CanActivateChild, CanLoa
    next: ActivatedRouteSnapshot,
    state: RouterStateSnapshot): Promise<boolean> {
    const url: string = state.url;
    console.log('before refresh user');
    const loginCheck = await this.checkLogin(url);

    if (loginCheck) {
      await this.refreshUser();
    console.log('after refresh user');
    return await this.checkLogin(url);
      return true;
    }

    // Store the attempted URL for redirecting
    this.authService.redirectUrl = url;
    console.log('set authService redirect url in authenticated guard to ', this.authService.redirectUrl);

    this.authService.logout().subscribe(
      () => {
        this.redirectToLogin(url);
      }, (error: any) => {
        console.log('error at logout: ', error);
        this.authService.clearAuthData();
        this.redirectToLogin(url);
      });
  }

  canActivateChild(childRoute: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> | Promise<boolean> | boolean {
@@ -34,7 +49,7 @@ export class AuthenticatedGuard implements CanActivate, CanActivateChild, CanLoa

  private async checkLogin(url: string):  Promise<boolean> {
    console.log('Checking login for route ', url);
    if (this.authService.isLoggedIn()) {
    if (this.authService.hasValidAccessToken()) {
      console.log('Login check successful.');
      return true;
    }
@@ -50,20 +65,7 @@ export class AuthenticatedGuard implements CanActivate, CanActivateChild, CanLoa
          return of(false);
        }).toPromise();
    } else {

      // Store the attempted URL for redirecting
      this.authService.redirectUrl = url;
      console.log('set authService redirect url  in authenticated guard to ', this.authService.redirectUrl);

      this.authService.logout().subscribe(
        () => {
          this.redirectToLogin(url);
        }, (error: any) => {
          console.log('error at logout: ', error);
          this.authService.clearAuthData();
          this.redirectToLogin(url);
        });

      return false;
    }

  }
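Review bot: The unauthenticated path of `canActivate` ends after `this.authService.logout().subscribe(...)` without returning a value, so the declared `Promise<boolean>` resolves to `undefined` and the deny decision is only implicit; add `return false;` after the subscribe call. The same fall-through exists in the logged-in branch of `UnauthenticatedGuard.checkLogin`, which navigates to `/dashboard` but returns nothing. Separately, a rejection from `await this.refreshUser()` would reject the guard after the login check has already passed; if that is meant to block navigation, a short comment saying so would help. The added/removed markers are lost on this page, so this reading of the new side is inferred from the visible lines.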
+2 −1
@@ -16,13 +16,14 @@ export class UnauthenticatedGuard implements CanActivate {

  private checkLogin(url: string): boolean {
    console.log('Checking login for route ', url, ' - must be unauthenticated');
    if (this.authService.isLoggedIn()) {
    if (this.authService.hasValidAccessToken()) {
      console.log('Login check successful, redirecting to dashboard');
      this.router.navigateByUrl('/dashboard').then(() => {
        this.flashMessagesService.show('You are already logged in.', {cssClass: 'alert-danger'});
      });
    } else {
      console.log('Login check unsuccessful, staying on login page');
      this.authService.clearAuthData();
      return true;
    }
  }
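Review bot: `checkLogin` in the unauthenticated guard calls `this.authService.clearAuthData()` whenever `hasValidAccessToken()` is false, which includes an access token that has merely expired. If `clearAuthData()` also drops the stored refresh token (its body is not visible here), opening the login route ends a session that `AuthenticatedGuard` could still have refreshed. Consider stating the intent above the call, e.g. `// no valid access token: drop stale auth data before showing the login form`, or moving the cleanup out of the guard check.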
+6 −4
@@ -55,16 +55,16 @@ export class AuthService implements OnDestroy {
  }

  // TODO: use token freshness http://flask-jwt-extended.readthedocs.io/en/latest/token_freshness.html
  public isLoggedIn() {
    console.log('checking logged in user');
  public hasValidAccessToken() {
    console.log('checking access token');
    const accessToken = localStorage.getItem('access_token');
    if (accessToken === null) {
    if (accessToken == null) {
      console.log('no access token found -> false');
      return false;
    }
    const isExpired = this.jwtHelper.isTokenExpired(accessToken);
    if (isExpired) {
      console.log('found non-expired token -> true');
      console.log('found expired access token -> false');
      return false;
    }
    return true;
@@ -88,6 +88,8 @@ export class AuthService implements OnDestroy {
  public refreshAccessToken() {
    console.log('refreshing access token');
    const refreshToken = localStorage.getItem('refresh_token');
    // removes the current access token form local storage, otherwise it gets sent in the authorization header
    localStorage.removeItem('access_token');
    let headers = new HttpHeaders();
    headers = headers.append('Authorization', 'Bearer ' + refreshToken);
    return this.http.post(environment.baseUrl + '/api/v1.0/auth/refresh', {}, {headers: headers}).pipe(
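Review bot: In `refreshAccessToken`, `localStorage.removeItem('access_token')` runs before anything checks that `refreshToken` is non-null, so with no refresh token stored the request goes out with `Authorization: Bearer null` and the access token is already gone. A guard ahead of the removal, such as `if (refreshToken == null) { return throwError(new Error('no refresh token')); }` (assuming `throwError` from rxjs is available in this file), would make that case explicit. Deleting the stored token to keep it out of the header also means any request issued while the refresh is in flight carries no access token; if an HTTP interceptor attaches the header, excluding the refresh URL there would avoid the side effect. The function body continues outside the hunk, so the error handling in the `pipe` is not visible.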