Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Where should I inject Bearer tokens into $http in AngularJS?

After the user's credential has been accepted I fetch the Bearer token [1] and update the default headers:

     $http.defaults.headers.common.Authorization = "Bearer #{data.access_token}"

This is done at the end of the $scope.signIn() method. Will the tokens be persistent throughout the entire session or should I use an other technic?

[1] https://github.com/doorkeeper-gem/doorkeeper/wiki/Client-Credentials-flow

app.run run = ($http, session) ->
    token = session.get('token')
    $http.defaults.headers.common['Authorization'] = token
like image 245
martins Avatar asked Jul 29 '14 06:07

martins


People also ask

Where do I put the bearer token?

Bearer token The token is a text string, included in the request header. In the request Authorization tab, select Bearer Token from the Type dropdown list. In the Token field, enter your API key value. For added security, store it in a variable and reference the variable by name.

How do you pass a bearer token?

To send a request with the Bearer Token authorization header, you need to make an HTTP request and provide your Bearer Token with the "Authorization: Bearer {token}" header. A Bearer Token is a cryptic string typically generated by the server in response to a login request.

How is the bearer token sent to the server?

The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization header when making requests to protected resources: Authorization: Bearer <token>

How do I send a bearer token in REST API?

To send a GET request with a Bearer Token authorization header, you need to make an HTTP GET request and provide your Bearer Token with the Authorization: Bearer {token} HTTP header.


1 Answers

A great way to solve this problem is to create an authInterceptor factory responsible for adding the header to all $http requests:

angular.module("your-app").factory('authInterceptor', [
  "$q", "$window", "$location", "session", function($q, $window, $location, session) {
    return {
      request: function(config) {
        config.headers = config.headers || {};
        config.headers.Authorization = 'Bearer ' + session.get('token'); // add your token from your service or whatever
        return config;
      },
      response: function(response) {
        return response || $q.when(response);
      },
      responseError: function(rejection) {
        // your error handler
      }
    };
  }
]);

Then in your app.run:

// send auth token with requests
$httpProvider.interceptors.push('authInterceptor');

Now all requests made with $http (or $resource for that matter) will send along the authorization header.

Doing it this way instead of changing $http.defaults means you get way more control over the request and response, plus you can use a custom error handler too or use whatever logic you want to determine whether the auth token should be sent or not.

like image 143
mz3 Avatar answered Oct 10 '22 20:10

mz3