First off, CORS is a server-side thing. Lose all the headers junk in login(). Next, please read this post.
Done? checkToken(), which should be renamed because that’s not what it does, needs to return Observable<string>, because it’s of type C in that linked post, as getDataHomepage() cares about how it resolves. Its first word should also be return. That is going to make you have to rethink how it’s structured (likely using fromPromise and mergeMap), but once that’s done, then there will be no subscribe in it, and the subscribe will move to getDataHomepage instead, in which you will have the needed value.
Incidentally, I would strongly recommend looking into the interceptor feature introduced in the new HttpClient API, now that Ionic officially supports it. You can centralize all of your token management using it, so you won’t have to repeat all that boilerplate in other service provider methods.
Finally, storing passwords on device is extremely careless from a security perspective. Please stop doing that.