Pass access token in header instead of url loopback

Question

I am new to LoopBack. I have used it's default server authentication.

module.exports = function enableAuthentication(server) {
  // enable authentication
  server.enableAuth();
};

After this i am getting access token from login api.

Then i have to pass it in all service call url.

Is there any way/setting in loopback that allow us to pass it in http header instead of url in http request?

I am using angularjs. It is easy to set header for all service call using this $http.defaults.headers.common['Authorization'] = 'access_token'.

But if we have to pass it in url param then i have to write it in each service call.

Can anyone suggest a way to set access_token in url param for all requests from angular or loopback setting to allow it in http header.

Answer to duplicate : This question was related method(how to) pass token in header in http call from angular side.

Answer 1

Loopback allows you to use an Authorization header by default. See: https://loopback.io/doc/en/lb3/Making-authenticated-requests.html#making-authenticated-requests-with-access-tokens

Answer 2

You can have request Interceptor in your Angular Code, which will set Authorization token in the Header of every HTTP request.

Create a factory to inject Auth Token in the header.

module.factory('sessionInjector', function() {  
    var sessionInjector = {
        request: function(config) {
            config.headers['Authorization'] = 'Bearer '+Authtoken;
            return config;
        }
    };
    return sessionInjector;
}]);

Use config to push sessionInjector to your Angular $HTTPProvider, so that it intercepts every HTTP request and injects auth token to it.

module.config(['$httpProvider', function($httpProvider) {  
    $httpProvider.interceptors.push('sessionInjector');
}]);

Read this example to know how can you use http interceptors to inject Auth token and other useful things to your HTTP Requests.