0

In my project the backend exposed refresh token api. When you log in you get valid token and refresh token. When the token expires you need to make a refresh call, authorized with the old expired token and parameter refresh token. The response returns new valid token and new refresh token. At the moment i am trying to implement it inside my authorization guard. This is the code:

 import { Injectable } from '@angular/core';
 import { Router, CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot }     from '@angular/router';
 import { Observable } from 'rxjs/Rx';

 import { SessionService } from '../services/session.service';

@Injectable()
export class AuthorizationGuard implements CanActivate {

constructor(private sessionService: SessionService, private router: Router) { }

canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean | Observable<boolean> {
    if (this.sessionService.isAuthenticated() ) {
        console.log('guard has cookies');
        return true;
    } else {
        if(this.sessionService.checkStorageSession() == null) {
            this.router.navigate(['/']);
        } else {
            console.log('guard will refresh token via refresh token call  ');
            this.sessionService.refreshToken()
                .subscribe(
                    data => {
                        console.log('guard  refresh success');
                        this.sessionService.destroySessionCookie();
                        this.sessionService.rememberUser(data.accessToken);
                        this.sessionService.rememberRefreshTocken(data.refreshToken);
                        this.sessionService.setSessionCookie(data.accessToken);
                        this.sessionService.setRefreshTocken(data.refreshToken);
                        return true;
                    },
                    error => {
                        console.log('session refresh fail: ' + error);
                        this.router.navigate(['/']);
                        return false;
                    }
            );
        }
    }
}

}

But the problem is canActivate invokes, the call starts, refreshes token but i get 403 unauthorized from other calls that are on the activated page before the success response from the refresh. Also i cant figure out how to refresh token when i am standing on a page with save button, the token expires, i press save and update call is made, but with the expired token. Please suggest approaches :s

4

1 回答 1

2

我使用了这种方法,在 AuthorizationGuard 中你检查了:

if(!this.sessionService.isUserAuthenticated){
  this.router.navigate(['/']);
}

其中 isAuthenticated=true 表示用户拥有有效的 refreshToken。我覆盖了 http 服务以具有刷新令牌逻辑:

var authenticatedCall: Observable<any>;
      if (needToken) {
          if (this.sessionService.isUserAuthenticated) {
               authenticatedCall = this.sessionService.acquireToken()
               .flatMap((token: string) => {
                         if (options1.headers == null) {
                           options1.headers = new Headers();
                         }
                            options1.headers.append('Authorization', 'Bearer ' + token);
                            return this.http.request(url, options1);
                     });
                }
                else {
                    authenticatedCall = Observable.throw(new Error("User Not Authenticated."));
                }
        }
        else {            
            authenticatedCall = this.http.request(url, options).map(this.extractData);
 }

作为示例,我使用了这个:https ://github.com/sureshchahal/angular2-adal/blob/master/src/services/authHttp.service.ts

于 2017-02-07T07:36:25.553 回答