我应该在哪里注入承载令牌,在AngularJS $ HTTP? [英] Where should I inject Bearer tokens into $http in AngularJS?
问题描述
用户的凭据已被接受后,我取承载令牌[1]和更新默认标头:
$ http.defaults.headers.common.Authorization =承载#{} data.access_token
这是在$ scope.signIn()方法的最后完成。将令牌可以在整个会话持续性或我应该使用其他工艺?
[1] https://github.com/doorkeeper-gem /门卫/维基/客户凭证流
app.run运行=($ HTTP,会话) - GT;
令牌= session.get('令牌')
$ http.defaults.headers.common ['授权'] =令牌
解决这个问题的一个好方法是创建一个authInterceptor工厂负责添加头部到所有$ http请求:
angular.module(你的应用)。工厂('authInterceptor',[
$ Q,$窗口,$位置,会话,函数($ Q $窗口,$位置,会话){
返回{
要求:功能(配置){
config.headers = config.headers || {};
config.headers.Authorization ='承载'+ session.get('令牌'); //从您的服务或任何添加您的令牌
返回配置;
},
回应:功能(响应){
返回响应|| $ q.when(响应);
},
responseError:函数(拒绝){
//你的错误处理程序
}
};
}
]);
然后在您的app.run:
//发送请求与身份验证令牌
$ httpProvider.interceptors.push('authInterceptor');
现在所有的请求,$ HTTP(或$资源为此事)提出将沿授权头发送。
这样做,这样,而不是改变$ http.defaults意味着你得到了请求和响应的方式更多的控制,再加上你可以使用自定义的错误处理过或使用任何逻辑,你要确定身份验证令牌是否要发送还是不行。
After the user's credential has been accepted I fetch the Bearer token [1] and update the default headers:
$http.defaults.headers.common.Authorization = "Bearer #{data.access_token}"
This is done at the end of the $scope.signIn() method. Will the tokens be persistent throughout the entire session or should I use an other technic?
[1] https://github.com/doorkeeper-gem/doorkeeper/wiki/Client-Credentials-flow
app.run run = ($http, session) ->
token = session.get('token')
$http.defaults.headers.common['Authorization'] = token
A great way to solve this problem is to create an authInterceptor factory responsible for adding the header to all $http requests:
angular.module("your-app").factory('authInterceptor', [
"$q", "$window", "$location", "session", function($q, $window, $location, session) {
return {
request: function(config) {
config.headers = config.headers || {};
config.headers.Authorization = 'Bearer ' + session.get('token'); // add your token from your service or whatever
return config;
},
response: function(response) {
return response || $q.when(response);
},
responseError: function(rejection) {
// your error handler
}
};
}
]);
Then in your app.run:
// send auth token with requests
$httpProvider.interceptors.push('authInterceptor');
Now all requests made with $http (or $resource for that matter) will send along the authorization header.
Doing it this way instead of changing $http.defaults means you get way more control over the request and response, plus you can use a custom error handler too or use whatever logic you want to determine whether the auth token should be sent or not.
这篇关于我应该在哪里注入承载令牌,在AngularJS $ HTTP?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!