{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 萌系小妹纸 的问题《Angular2 How to get token by sending credentials》','https://www.manongdao.com/q-527179.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm using Angular2 to get access token from a Java Spring back-end application. I can get the token via CURL but not via Angular form.
curl localhost:8085/uaa/oauth/token --data "grant_type=password&scope=write&username=MY-USERNAME&password=MY-PASSWORD" --user user:pwd
I enabled Cors on Java back-end like this:
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
final HttpServletResponse response = (HttpServletResponse) servletResponse;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, PUT, DELETE, GET, HEAD, OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, If-Modified-Since");
chain.doFilter(servletRequest, servletResponse);
}
My Angular code looks like this:
import {Injectable, Component} from 'angular2/core';
import {Observable} from 'rxjs/Rx';
import {Http, HTTP_PROVIDERS, Headers} from 'angular2/http';
@Component({
viewProviders: [HTTP_PROVIDERS]
})
@Injectable()
export class Authentication {
token:string;
http:Http;
constructor(http:Http) {
this.token = localStorage.getItem('token');
this.http = http;
}
login(username:String, password:String) {
var url = 'http://localhost:8085/uaa/oauth/token',
body = JSON.stringify({
username: username,
password: password
}),
options = {
headers: new Headers({
'credentials': 'true',
'grant_type': 'password',
'scope': 'write',
'Accept': 'application/json',
'Content-Type': 'application/x-www-form-urlencoded'
})
};
return this.http.post(url, body, options)
.map((res:any) => {
let data = res.json();
this.token = data.token;
localStorage.setItem('token', this.token);
});
}
}
The response from the server is:
Request URL:http://localhost:8085/uaa/oauth/token
Request Method:OPTIONS
Status Code:401 Unauthorized
Remote Address:[::1]:8085
You might have two problems:
The
OPTIONScall is a preflight call. The CORS standard states that preflight calls should not include authentication. If your server isn't set up to handle that, you will get a401response. If you have control over the server you should be able to add something to allow theOPTIONScall through. With NGINX you can add something like:if ($request_method = 'OPTIONS') {return 200;}Not sure about you're particular server.
Are you sure you are sending the credentials the right way? It looks like you are sending all this as individual headers rather than form-encoded data like you are with the curl request. This has worked for me:
You should provide the username / password hints within the Authorization header with the "Basic" scheme. The value must encoded with base64 with the btoa function:
Moreover, after having alook at your curling request, it seems that what you put in headers should be provided in the payload. This can be done using the UrlSearchParams class.
See rhis question for more details:
Problem is probably in your angular service. I think you should't send body as object which contains username and password, but you should send string which contains "grant_type", "username" and "password". This is example of my working service method: