MobileServices.web.js未经授权的api调用 [英] MobileServices.web.js unauthorized api call

问题描述

当我使WinJS应用处于休眠状态一段时间然后返回到它，然后单击一个按钮时，由于某种原因，我对后端的调用无法正常工作.

When I leave my WinJS app dormant for a while and then come back to it, and i click on a button, for some reason my calls to my backend aren't working.

我从服务器收到未经授权"错误.

I get an "Unauthorized" error from the server.

如何修改invokeApi，以便它重新验证用户身份或其他内容?

How do I modify the invokeApi so that it reauthenticates the user or something?

是否有人有使用mobileservices.web.js的经验，以及如何使最终用户永久登录而不必重新认证自己?

Does anybody have any experience using mobileservices.web.js and how to keep the end user perpetually logged in without having to reauthenticate themselves?

谢谢.

client.invokeApi("getTopForumsTotal", {
    method: "post"
}).then(function (results) {
    // do something
}, function (error) {
    WinJS.log(error);
});

我使用winjs mobileService来验证用户身份.

I use winjs mobileService to authenticate the user.

client.login("microsoftaccount").done(function (results) {
    // Create a credential for the returned user.
    credential = new Windows.Security.Credentials.PasswordCredential("myapp", results.userId, results.mobileServiceAuthenticationToken);
    vault.add(credential);

    completeDispatcher();
}, function (error) {
    WinJS.log(JSON.stringify(error));
    errorDispatcher(error);
});

这就是我用来刷新最终用户令牌的方法.

and this is what I use to refresh the end users token.

client._request("GET", "/.auth/refresh", null, null, {
    accept: "application/json",
    "ZUMO-API-VERSION": "2.0.0"
}, [], (error, response) => {
    if (!error) {
        var userObject = JSON.parse(response.responseText)

        if (userObject.authenticationToken) {
            client.currentUser.mobileServiceAuthenticationToken = userObject.authenticationToken;

            testCall().done(function (success) {
                if (success) {
                    credential = new Windows.Security.Credentials.PasswordCredential("myapp", userObject.user.userId, userObject.authenticationToken);
                    vault.add(credential);
                    authenticated = true;
                    completeDispatcher();
                }
                else errorDispatcher('testCall API does not exist');
            });
        }
        else errorDispatcher('no authentication token returned');
    }
    else errorDispatcher(error);
});

推荐答案

我没有在每个API调用周围都包含承诺，而是在客户端上合并了一个空闲例程，该例程在用户令牌返回到应用程序时刷新和刷新用户令牌.令牌每闲置59秒.

Instead of wrapping a promise around every API call I just incorporated an idle routine on the client that refreshes the user token when they return to the app as well as refreshes the token every 59 seconds that they are idle.

因此，出于所有强烈的目的，它们将始终具有有效的令牌或永久状态.

So for all intense and purposes they will always have an valid token or perpetual state.

$(document).idle({
    onIdle: function () {
        // refresh user token
        if (User.Person !== null)
            User.Person.reauthenticate().done();
    },
    onActive: function () {
        // when the user returns refresh their token 1 more time
        if (User.Person !== null)
            User.Person.reauthenticate().done();
    },
    idle: 59000, // 59 seconds
    recurIdleCall: true // will keep refreshing every 59 seconds
});

https://github.com/kidh0/jquery.idle

这篇关于MobileServices.web.js未经授权的api调用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！