New cordova app + documentation - additional steps not in docs:

• Add `* file:` to `default-src` in `Content-Security-Policy` meta tag in `index.html` - it can look like this: `<meta http-equiv="Content-Security-Policy" content="default-src * file: 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:;">`
• `cordova plugin add cordova-plugin-inappbrowser`
• add `<access origin="*" />` to `config.xml`
• use e.g. browserify so you can use `require` statements
• in `init` snippet there should be `require` instead of `import`

New cordova app + documentation + android + self-signed certs - additional steps not in docs:

• Add `network_security_config.xml` to your project - https://gist.github.com/jhellar/af38664dc14f07d7dcc77178765f2462
• Include it in `config.xml` file under platform `android` with - https://gist.github.com/jhellar/b566abe166bbb2a6b28ececb027c74e1
• Add `xmlns:android="http://schemas.android.com/apk/res/android"` to `widget` tag in `config.xml`

In documentation there are no code examples for how to:

• determine that user is authenticated (`authService.isAuthenticated()`)
• get user profile (`authService.loadUserProfile().then(...).catch(...)`)

In documentation http://docs.aerogear.org/aerogear/latest/identity-management.html#refreshing-the-authentication-token cordova example should be `authService.extract()...` instead of `authService.service.extract()...`