我正在使用MEAN堆栈构建的SPA中实现fb身份验证。虽然我已经使用facebook令牌护照策略成功实现了fb身份验证,但我在保护API端点方面遇到了问题。因为我需要在$ http服务中传递经过身份验证的用户对象和访问令牌,并且我尝试将access_token作为用户对象的属性传递,并且还作为标头属性,但我仍然是401(未经授权的错误)。以下是我的代码段。
Passport文档说“授权:Bearer base64_access_token_string”。令牌应该以base64格式编码吗?请帮助。
服务器代码
app.get('/api/getbikes*',
passport.authenticate('facebook-token',{session: false}),
function(req,res){
if(req.user){
console.log('In getbikes api');
// console.log('req.query :',req.query);
var msg="";
ubBike
.find({cust:req.query._id})
.populate('cust','email')
.exec(function(err,bikes){
res.send(bikes);
if(err) throw err;
});
}
else
{
res.send(401);
}
});
角度代码
服务
this.getbikes = function(user){
var deferred = $q.defer();
$http({
method:"GET",
url:"http://localhost:3000/api/getbikes",
params: user,
headers:{
Authorization:auth.getAccesstoken()
}
}).then(function successCallback(srresponse){
deferred.resolve(srresponse.data);
},
function failureCallback(srresponse){
$log.error("get bikes http call failed ",srresponse.data);
deferred.reject(srresponse.data);
});//$http
return deferred.promise;
};//getbikes
控制器
$scope.fblogin= function(){
auth.fblogin().then(
function(response){
$scope.isAuth = auth.isAuth;
$scope.usr =auth.getResponseobj();
$scope.usr.access_token=auth.getAccesstoken();
$scope.profpic=auth.profpic;
bike.getbikes($scope.usr).then(function(response){
if (response.length ==0)
{
$location.path('/addbike');//redirect to addbike screen
}
else{
$location.path('/appoint');//else redirect to view appointment screen
}
},function(reason){
$scope.msg1 = reason;
});//getbikes
},function(reason){
$log.log("fblogin() - failure :Need to login to the application :"+reason);
})
};//fblogin
答案 0 :(得分:1)
令人惊讶的是,当我发送标题为“Authorization:Bearer access_token_string”,即fb令牌没有base64编码时,API身份验证工作完全正常。这与护照facebook令牌文档https://github.com/drudge/passport-facebook-token
相反