如何将这个Ajax授权请求转换为Passport策略?

时间:2018-09-12 14:21:51

标签: node.js ajax passport.js

我正在尝试将ajax api调用转换为可重用的Passport策略。

// Browser-side sample: asks the token endpoint for an OAuth 2.0 access token
// using grant_type "password" and copies the returned fields into `result`.
//
// NOTE(review): window.btoa/alert show this runs in a page, so every value
// declared here (client identifier parts, username, password) is readable by
// anyone who can load the script. When this is moved into a Passport strategy
// the exchange would run server-side, with these values read from server
// configuration and the login form rather than from literals.
var result = {};
var application = "SuperWidget";
var vendor = "WidgetsInc.com";
var businessunit = "1234567890";
var user = "user@example.com";
var pass = "test123";

// Basic-auth client credential in the form application@vendor:businessunit.
// Base64 is an encoding, not encryption: the header value is reversible.
var authCode = window.btoa(`${application}@${vendor}:${businessunit}`);

$.ajax({
    url: 'https://api.application.com/AuthorizationServer/Token',
    type: 'post',
    contentType: 'application/json',
    dataType: 'json',
    headers: {
        Authorization: `basic ${authCode}`
    },
    // The password grant sends the user's raw password to the token endpoint;
    // current OAuth security guidance discourages this grant where a
    // redirect-based flow is available.
    data: JSON.stringify({
        grant_type: 'password',
        username: user,
        password: pass,
        scope: 'AdminApi AgentApi AuthenticationApi PatronApi RealTimeApi'
    }),
    success: (resp) => {
        // Copy the token fields one by one, in the same order as before.
        // `result` is a page-level object, so the access and refresh tokens
        // become visible to any other script running on the page.
        const copiedFields = [
            'access_token',
            'token_type',
            'resource_server_base_uri',
            'expires_in',
            'refresh_token',
            'scope',
            'refresh_token_server_uri'
        ];
        for (const field of copiedFields) {
            result[field] = resp[field];
        }
    },
    error: (jqXHR) => {
        // Only the HTTP status line is shown; the response body is not displayed.
        alert(`Failed to retrieve token.\n${jqXHR.status} ${jqXHR.statusText}`);
    }
});

响应如下:

{ 
    access_token: "h9l2tWy5ZIApljMFpvJqitJyU2n8SNe1Q5hP85IeMZpwt+ULZt9plv5vKea4eRce57w++yOe2f/j
    AHOMYs81a2RuJdFBRXV/eyUGcyWp79R+OX+MwN/SJYoQBV6ZrGshyyciZkk1/Q4wGEZLw0de9JxGPajm1O9V7
    7GVjRBozESy11+v0Fgp918kxiC0/sCD4bjino6Lkvu2fnHf30sW1zF8LDI7OHqdKaVcMzguMcINtxu55FlKuC
    +UQnesuE2d6LRg4ZxQp3q9jdxETHwvTYkskQLLT+/wmpEW36yryqIlpGzuBv5LmUr83nOb+1zZas34bhJqBxg
    UKztT9GdV5alsT0MQmoNV6Hn5PviO7X47JTey2EvspVkrPnLABUANJ9GfMJKtyUiICXJwk47FmQ==" 
    token_type: "bearer" 
    expires_in: 3600 
    refresh_token: "PX3SnlieM0a22Ij2hGfIxg==" 
    refresh_token_server_uri: 
        "https://api-{cluster}.application.com/AuthorizationServer/Token" 
    resource_server_base_uri: "https://api-{cluster}.application.com/API/" 
    scope: "RealTimeApi AdminApi AuthenticationApi PatronApi AgentApi CustomApi" 
    agent_id: 645328 
    team_id: 103748 
}

是否已有符合该流程的现成策略?OAuth 似乎是正确的方向(请求中使用的是 grant_type 为 password 的授权方式),但在这个流程中,用户是通过该授权 URL 来识别的。

0 个答案:

没有答案