3

I'd like to use angular $http to interact with api, but I need to store my auth token to $http so that in every request wether post get put delete, I want the token to be present, also I have seen people place tokens in the header , I know how to place it in the header, but I'm not sure if its a good practice to put tokens in the header , here is my config : 

config(['$stateProvider', '$urlRouterProvider','$http', function($stateProvider, $urlRouterProvider, $http) {
  $urlRouterProvider.otherwise("/view1");

}]);
Improve this question
2
  • if can help, try to use Restangular it's an amazing library! You can configure Rectangular one time and you have in all your calls the token Commented Aug 30, 2016 at 12:54
  • You inject $http in your config? That shouldn't be possible. Commented Aug 30, 2016 at 13:41

3 Answers 3

Reset to default
1

To communicate with an API that requires token authentification, you need to set up an interceptor.

In your config file:

function config(..., $httpProvider) {
    $httpProvider.interceptors.push('authInterceptor');
    ...
}
angular
    .module('app')
    .config(config);

authInterceptor is a factory that will take care of adding headers to all your $http requests:

function authInterceptor($rootScope, $q, $window) {
    return {
        request: function (config) {
            config.headers = config.headers || {};
            if ($window.sessionStorage.token) {
                config.headers.Authorization = 'Bearer ' + $window.sessionStorage.token;
            }
            return config;
        },
        responseError: function (rejection) {
            if (rejection.status === 401) {
                console.log("not authorised");
            }
            return $q.reject(rejection);
        }
    };
};

angular
    .module('app')
    .factory('authInterceptor', authInterceptor);

The token can come from sessionStorage, cookies or anything.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

config $httpProvider at start up!

'use strict';

angular.module('app')
    .config(configHttp);

configHttp.$inject = ['$httpProvider'];
function configHttp($httpProvider) {
    if (!$httpProvider.defaults.headers.get) {
        $httpProvider.defaults.headers.get = {};
    }
    //disable IE ajax request caching
    $httpProvider.defaults.headers.get['If-Modified-Since'] = 'Mon, 26 Jul 1997 05:00:00 GMT';
    // extra
    $httpProvider.defaults.headers.get['Cache-Control'] = 'no-cache';
    $httpProvider.defaults.headers.get.Pragma = 'no-cache';
    // User Credential
    $httpProvider.defaults.headers.post['user-credential'] = 'xxxxxx';
}
Improve this answer

Comments

0

Following the HTTP spec clearly the right place for authorization token is in the headers.

Improve this answer

2 Comments

Would it not be better to use an interceptor here in case @Mikail has some logic that needs to performed before he can use the token in the header of his ajax call?
The authorization token can be added to the header in multiple ways and that should be decided based on the needs and requirements. You right it may be the case that is better to use an interceptor.. I have edited my answer, thanks

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.