Monkey Patch XMLHttpRequest -- inject bearer token and verify response

platform/app/public/config/default.js

@@ -1,6 +1,10 @@
 /** @type {AppTypes.Config} */
-
+function sas_get_token() {
+  //implement token here
+  return "kris-check-token-is-here";
+}
 window.config = {
+  sasGetToken: sas_get_token,
   routerBasename: '/',
   // whiteLabeling: {},
   extensions: [],

platform/app/src/App.tsx

@@ -37,6 +37,38 @@ import appInit from './appInit.js';
 import OpenIdConnectRoutes from './utils/OpenIdConnectRoutes';
 import { ShepherdJourneyProvider } from 'react-shepherd';
 
+function injectAuth() {
+  console.log("---> Inject Auth");
+  const originalXHROpen = XMLHttpRequest.prototype.open;
+  const originalXHRSend = XMLHttpRequest.prototype.send;
+
+  //take from local storage for the token
+  // let authToken = '--kris-auth-token-check--';
+  let authToken = window.config.sasGetToken();
+
+  XMLHttpRequest.prototype.open = function (method, url, async, user, password) {
+    this._url = url; // Save URL if you want conditional logic
+    return originalXHROpen.apply(this, arguments);
+  };
+
+  XMLHttpRequest.prototype.send = function (body) {
+    this.setRequestHeader('Authorization', `Bearer ${authToken}`);
+    this.addEventListener('readystatechange', function () {
+      if (this.readyState === 4) { // DONE
+        try {
+          //check responseType ie json, and then check the auth response status
+          //redirect to custom login page if needed
+          console.log("response type :", this.responseType);
+          console.log("response :", this.response);
+          console.log("responseText :", this.responseText);
+        } catch (e) { }
+      }
+    });
+    return originalXHRSend.apply(this, arguments);
+  };
+}
+
+injectAuth();
 let commandsManager: CommandsManager,
   extensionManager: ExtensionManager,
   servicesManager: AppTypes.ServicesManager,