Allow NbPasswordAuthStrategy.logout() without HTTP request

[nunovieira]

Issue type

I'm submitting a ... (check one with "x")

• bug report
• feature request

Issue description

Current behavior:
Using NbPasswordAuthStrategy.logout() there's always an HTTP request for the logout endpoint. But when using stateless JWT, the backend API will not have a logout endpoint.

Expected behavior:
Allow the configuration of logout (and other functions) without making an HTTP request. Some functions could require HTTP request (e.g. login), but others don't.

Steps to reproduce:
We need a backend API that doesn't have a logout endpoint, but has a login endpoint that provides a stateless JWT.

[Destreyf]

@nunovieira

Just throwing my opinion in the mix, I think allowing NbPasswordAuthStrategy.logout() to function without the HTTP request would be okay, however this means there's a JWT that if somehow stolen/acquired would still function, most implementations of JWT I've seen have a "blacklist" functionality where they'll add the token as a "deleted" or blacklisted token to prevent further authentication upon logout, i think the default should still call the HTTP endpoint but depending on the level of security required by your application it may be acceptable to not call the HTTP endpoint at all.

You could also have a global HTTP Interceptor and catch the logout request and instantly return "true" as a value, although this gets into a little more work.

[nnixaa]

At the moment the endpoint can be simply left empty so no call will be made.