使用angular.js中的OAuth2创建的令牌管理身份验证

时间:2015-04-28 12:16:12

标签: javascript angularjs symfony

我的消息基于此消息http://stackoverflow.com/questions/26748106/how-to-manage-authentication-with-token-in-angular-js 我有一个PHP5后端(Symfony2)和一个带有(angularJS)的前端我已成功用后端创建令牌,但我遇到了angularjs的问题,我必须从URL获取令牌并将其放入每个请求获取每个示例的客户端列表,这就是我所做的:

控制器:signin.js

'use strict';
  // signin controller
app.controller('SigninFormController', ['$scope','$http', '$state','$localStorage','authorizationInterceptor', function($scope, $http, $state,$localStorage,authorizationInterceptor) {
    $scope.user = {};
    $scope.authError = null;
    $scope.login = function() {
    $scope.authError = null;
      // Try to login
    $http({method: 'POST', url: 'myURL/oauth/v2/token?client_id=clientID&client_secret=clientSecret&grant_type=client_credentials'})
   .success(function(response){
     if (response.data.user) {  
     $scope.errors.splice(0, $scope.errors.length); 
     $scope.msgs.splice(0, $scope.msgs.length);
     $scope.posts = data; // response data 
     var token = this.$window.sessionStorage($scope.posts.access_token);
     console.log(""+token);
     console.log("success");
     $state.go('app.home');}
   })
   .error(function(data, status, headers, config) {
    $scope.authError = 'Email or Password not right';
    console.log("data error ...");
  });

    };

和我的服务:access-services.js

.factory('Security', ['$http', function ($http) {
        var token;
        function login(email, password) {
            return $http.post('/auth/login', {email: email, password: password})
                .then(function (response) {

                    if (response.data.token) {
                        token=response.data.token;
                    }
                });
        }

        function getToken(){
            return token;
        }

        return {
            login:login,
            token:getToken
        }; }])
.factory('authorizationInterceptor', ['Security', function (Security) {
        return {
            request: function (config) {
                var token=Security.getToken();
                config.headers = config.headers || {};
                if (token) {
                    config.headers.Authorization = 'Bearer ' + token;
                }
                return config;} }; }]);

但这是我在控制台中得到的: enter image description here

感谢您的帮助

2 个答案:

答案 0 :(得分:1)

使用像这样的令牌拦截器:

app.factory('TokenInterceptor', function($q, $window) {
  return {
    request: function(config) {
      config.headers = config.headers || {};
      if ($window.sessionStorage.token) {
        config.headers['X-Access-Token'] = $window.sessionStorage.token;
        config.headers['X-Key'] = $window.sessionStorage.user;
        config.headers['Content-Type'] = "application/json";
      }
      return config || $q.when(config);
    },

    response: function(response) {
      return response || $q.when(response);
    }
  };
});

然后在app.config中使用它,就像这样

$httpProvider.interceptors.push('TokenInterceptor');

答案 1 :(得分:1)

你必须使用角度来使用令牌拦截器。这可以在app config阶段完成

yourApp.config(function($httpProvider) {
    $httpProvider.interceptors.push("authorizationInterceptor");
});

我建议你阅读以下系列文章。虽然它们是针对ASP.net MVC编写的,但所提出的概念是通用的

http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/

希望这有帮助