PHP OAuth2无法弄清楚如何发送承载令牌

Question

我将我的不记名令牌设置为api.example.com从app.example.com发送到服务器，如下所示：

private appendAuthHeader(headers?: Headers) {
        headers = headers || new Headers();
        headers.append('Content-Type', 'application/x-www-form-urlencoded');
        let profJson = sessionStorage.getItem('profile'),
            profile: Token = this.isValidJson(profJson) ? JSON.parse(profJson) : new Token();

        if (profile && profile.access_token) {
            headers.append('Authorization', 'Bearer ' + profile.access_token);
        }
        return headers;
    }

它使它成为标题，并在本地工作，但在我的生产服务器上，我收到此错误：

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
    <head>
        <title>401 Authorization Required</title>
    </head>
    <body>
        <h1>Authorization Required</h1>
        <p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
        <p>Additionally, a 401 Authorization Required
error was encountered while trying to use an ErrorDocument to handle the request.</p>
    </body>
</html>

以下是我的请求标题：

General:
Request URL:http://api.example.com/Account/isActive
Request Method:GET
Status Code:401 Authorization Required
Remote Address:66.96.132.83:80
Referrer Policy:no-referrer-when-downgrade

Response Headers:
view source
Connection:keep-alive
Content-Length:533
Content-Type:text/html; charset=iso-8859-1
Date:Fri, 23 Jun 2017 05:26:52 GMT
Keep-Alive:timeout=30
Server:Apache/2
WWW-Authenticate:Bearer realm="Service"
X-Powered-By:PHP/5.6.30

Request Headers:
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8,ca;q=0.6
Authorization:Bearer 815eb39b068354922c386e226bd0240505fd1701
Connection:keep-alive
Content-Type:application/x-www-form-urlencoded
Host:api.example.com
Origin:http://app.example.com
Referer:http://app.example.com/login
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3124.4 Safari/537.36

我无法弄明白我需要如何发送它才能在服务器上运行，我们将不胜感激。

修改 它也有可能成为一个角色问题。这是我从获取请求中得到的内容

GET http://api.example.com/Account/isActive 401 (Authorization Required)

login:1 XMLHttpRequest cannot load http://api.example.com/Account/isActive. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://app.example.com' is therefore not allowed access. The response had HTTP status code 401.