我应该在哪里注入承载令牌，在AngularJS $ HTTP？ [英] Where should I inject Bearer tokens into $http in AngularJS?

问题描述

用户的凭据已被接受后，我取承载令牌[1]和更新默认标头：

  $ http.defaults.headers.common.Authorization =承载＃{} data.access_token
 

这是在$ scope.signIn（）方法的最后完成。将令牌可以在整个会话持续性或我应该使用其他工艺？

[1] https://github.com/doorkeeper-gem /门卫/维基/客户凭证流

  app.run运行=（$ HTTP，会话） -  GT;
    令牌= session.get（'令牌'）
    $ http.defaults.headers.common ['授权'] =令牌
 

解决方案

解决这个问题的一个好方法是创建一个authInterceptor工厂负责添加头部到所有$ http请求：

  angular.module（你的应用）。工厂（'authInterceptor'，[
  $ Q，$窗口，$位置，会话，函数（$ Q $窗口，$位置，会话）{
    返回{
      要求：功能（配置）{
        config.headers = config.headers || {};
        config.headers.Authorization ='承载'+ session.get（'令牌'）; //从您的服务或任何添加您的令牌
        返回配置;
      }，
      回应：功能（响应）{
        返回响应|| $ q.when（响应）;
      }，
      responseError：函数（拒绝）{
        //你的错误处理程序
      }
    };
  }
]）;
 

然后在您的app.run：

  //发送请求与身份验证令牌
$ httpProvider.interceptors.push（'authInterceptor'）;
 

现在所有的请求，$ HTTP（或$资源为此事）提出将沿授权头发送。

这样做，这样，而不是改变$ http.defaults意味着你得到了请求和响应的方式更多的控制，再加上你可以使用自定义的错误处理过或使用任何逻辑，你要确定身份验证令牌是否要发送还是不行。

After the user's credential has been accepted I fetch the Bearer token [1] and update the default headers:

     $http.defaults.headers.common.Authorization = "Bearer #{data.access_token}"

This is done at the end of the $scope.signIn() method. Will the tokens be persistent throughout the entire session or should I use an other technic?

[1] https://github.com/doorkeeper-gem/doorkeeper/wiki/Client-Credentials-flow

app.run run = ($http, session) ->
    token = session.get('token')
    $http.defaults.headers.common['Authorization'] = token

解决方案

A great way to solve this problem is to create an authInterceptor factory responsible for adding the header to all $http requests:

angular.module("your-app").factory('authInterceptor', [
  "$q", "$window", "$location", "session", function($q, $window, $location, session) {
    return {
      request: function(config) {
        config.headers = config.headers || {};
        config.headers.Authorization = 'Bearer ' + session.get('token'); // add your token from your service or whatever
        return config;
      },
      response: function(response) {
        return response || $q.when(response);
      },
      responseError: function(rejection) {
        // your error handler
      }
    };
  }
]);

Then in your app.run:

// send auth token with requests
$httpProvider.interceptors.push('authInterceptor');

Now all requests made with $http (or $resource for that matter) will send along the authorization header.

Doing it this way instead of changing $http.defaults means you get way more control over the request and response, plus you can use a custom error handler too or use whatever logic you want to determine whether the auth token should be sent or not.

这篇关于我应该在哪里注入承载令牌，在AngularJS $ HTTP？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！