AngularJS - 处理刷新令牌? [英] AngularJS - Handling refresh token?

问题描述

我正在使用 AngularJS 构建 SPA，并与服务 (JAVA) 进行通信.

I'm building a SPA with AngularJS with communication to a service (JAVA).

当用户发送他的用户名/通行证时，服务会发回:访问令牌和刷新令牌.我正在尝试处理:如果我收到状态为 401 的响应，请发回刷新令牌，然后再次发送您的最后一个请求.我试图通过包含 $http 来做到这一点，但 angular 不允许我将它包含在这个拦截器中.有没有办法用我收到的这个响应参数重新创建原始请求?

When user sends his username/pass, service sends back both: Acces token and Refresh token. I'm trying to handle: if I get response with status 401, send back refresh token and then send your last request again. I tried to do that with including $http, but angular doesn't let me include it in this interceptor. Is there any way to recreate the original request with this response parameter I'm recieving?

类似于:

1. 我收到 401
2. 保存我的请求
3. 如果我有刷新令牌，请发送该刷新令牌
4. 成功后重新发送我的请求

5. 错误重定向到/login 页面

1. I get 401
2. save my request
3. if I have a refresh token send that refresh token
4. on success resend my request

5. on error redirect to /login page

'use strict';

angular.module('testApp')
    .factory('authentificationFactory', function($rootScope, $q, $window, $location, CONF) {

return {
    request: function(config) {
        config.headers = config.headers || {};
        if ($window.sessionStorage.token) {
            config.headers.Authorization = 'Bearer ' + $window.sessionStorage.token;
        }
        console.log(config);
        $rootScope.lastRequest = config;
        return config;
    },

    response: function(response) {
        console.log($rootScope.lastRequest);
        if (response.status === 401) {
            if ($window.sessionStorage.refreshToken) {

                //Save, request new token, send old response
                //if it fails, go to login

                $location.url('/login');
            } else {
                $location.url('/login');
            }
        }
        return response || $q.when(response);
    }
};
});

额外问题(主要问题更重要):有 2 个移动应用程序也将连接到我的服务，当我从我的网络应用程序登录时，几分钟后从我的移动应用程序登录，移动应用程序需要新的刷新令牌和我的网络应用程序的刷新令牌不再有效.处理这种情况的最佳选择是什么?

Bonus Question (the main question is more important): There are 2 mobile apps that will also connect to my service, and when I log in from my web app, and few moments later from my mobile app, mobile app takes a new refresh token and my web app's refresh token is valid no more. What would be the best option for dealing with that?

感谢您的时间，最好的问候

Thank you for your time, Best regards

推荐答案

看看这个:https://github.com/witoldsz/angular-http-auth.

他使用缓冲区在身份验证后重放请求.

He uses a buffer to replay the requests after authentication.

这篇关于AngularJS - 处理刷新令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！