Open gregvis opened 8 years ago
colinskow
commented
8 years ago Take a close look at the configuration options in the README.
Every time you switch routes, ng-superlogin will check if your token is expired, and if it is automatically log the user out. It doesn't fire any http requests. This can be disabled in config.
The interceptor will add authentication headers to any requests that match your configured endpoints. This can also be adjusted in the config.
gregvis
commented
8 years ago I understand the options. I'm just not a fan of the interceptor running on every angular template load and every $http call that I make in my application. Do you have to use an interceptor for this? How about just wrapping the superlogin $http calls with a service that adds the Authorization header, see example here:
[http://stackoverflow.com/questions/23968129/limiting-http-interceptor-to-specific-domain]
Or perhaps switch your $http to $resource calls instead. That way you can specify an Interceptor just for that $resource. Example here:
colinskow
commented
8 years ago The interceptors are already limited to only the domains you specify in your config. You can disable them entirely by setting noDefaultEndpoint: true. If the domain doesn't match, the request will continue unaltered.
gregvis
commented
8 years ago i've written an slApi factory to replace the interceptor. see if you like it. I've created a pull request so you can compare. This also negates the requirement to specify endPoints in the config.
colinskow
commented
8 years ago The idea is that authentication headers are automatically added to API requests without you having to write boilerplate in each individual request.
I noticed that the superloginInterceptor was firing every time I changed state using ui-router.
Does this have to be used with every http request? Is there a way to restrict it to fire only when superlogin calls are made?