I got following oauth2 implementation:

1. My front-end (SPA), written in angular2 is served from frontend.mydomain.com .
2. When user is logging in, he is connecting to auth.mydomain.com, backend responds with access token, and set httpOnly cookie containing refresh token.

this is how I set cookie:

@RequestMapping(path="/retrieve", method = RequestMethod.GET)
public String getToken(HttpServletResponse resp, @RequestParam("username") String username, @RequestParam("password") String password) {
    String[] tokens = //retrieve tokens logic, values are not important

    Cookie cookie = new Cookie("token", tokens[1]);
    resp.addCookie(cookie);

    return tokens[2];
}

3. Data is retrieved from resources.mydomain.com (requests are send with access token)
4. when token expires I want to refresh it via sending request to auth.mydomain.com - server should retrieve refresh token from cookie and respond with new access token.

I think that I have issue in point 2, which is affecting point 4 - no cookie is sent. org.springframework.web.bind.ServletRequestBindingException: Missing cookie 'token' for method parameter of type Object

Why? What can I do to force browser to save and send this cookie?

When I take a look inside my browser (developer tooles) I can see that rest response sends cookie:

But no cookie is stored in the browser: