What certificate?

i would like to include the cookies while sending the token request.
is it possible to set xhr.withCredentials = true; in JsonService.js

This is really required. I am sending the token as a cookie from an api to avoid access token stroring either in session or local storage in the client side. if we dont make withcredentials = true, it ignores the repsonse cookies and cookies are not attached to the subsequent requests..

@brockallen There is an open pull request that fixes this issue. Please let me know if there are any changes needed.

And if you do something like this.
To have your own XMLHttpRequest Factory?

Global.setXMLHttpRequest(function () {
  var request = new XMLHttpRequest();
  request.withCredentials = true;
  return request;
});