oauthjs / angular-oauth2

AngularJS OAuth2
MIT License

Bypassing the interceptor #92

Closed madebysoren closed 8 years ago

madebysoren commented 8 years ago

Hi,

Do you have functionality for bypassing the interceptor? We're connected to our own API with OAuth, but also want to upload an image to Azure Blob Storage. The thing is that the oauthInterceptor intercepts (just as it is supposed to) and makes our Authorization header malformed.

It's easy to fix with this code: !config.headers.hasOwnProperty('Authorization') && !config.headers.hasOwnProperty('x-ms-blob-type') &&

But do you have any functionality to bypass the interceptor in requests?

ruipenso commented 8 years ago

You can remove the Authorization from your request, e.g.,

$http.post(`http://example.com`, {}, { headers: { Authorization: undefined } })

Let me know if it works.

madebysoren commented 8 years ago

Hi Rui,

Thank you for the answer. The problem is that the interceptor adds the OAuth authorization whenever it's not present. Setting it to undefined makes it "not present" as seen here:

if (!config.headers.hasOwnProperty('Authorization') && OAuthToken.getAuthorizationHeader()) {
  config.headers.Authorization = OAuthToken.getAuthorizationHeader();
}

I need the opposite. I need a way to tell the interceptor to let this one go through without adding an Authorization header. As of now I've modified the interceptor to allow some specific types to go through looking like this:

if (!config.headers.hasOwnProperty('Authorization') &&
    !config.headers.hasOwnProperty('x-ms-blob-type') &&
    !config.headers.hasOwnProperty('x-ms-content-type') &&
    OAuthToken.getAuthorizationHeader()) {
  config.headers.Authorization = OAuthToken.getAuthorizationHeader();
}

Did you implement something like this or would we have to add that manually?

madebysoren commented 8 years ago

And it didn't work btw.

ruipenso commented 8 years ago

Oh! Sorry... We don't have any way to bypass the interceptor. Can't you configure Azure Blob Storage to ignore the header?

madebysoren commented 8 years ago

Alright. I've added a simple workaround for that by looking for an Authorization header named "none" and when finding it removing it before the request. Take a look here, and let me know if I should make a pull request.

https://github.com/madebysoren/angular-oauth2/commit/5a56477a96462ad08d25fcf9a4024d0f797aad25

ruipenso commented 8 years ago

Feels too hacky. I would prefer to pass an option ignoreAuthorizationHeader.

madebysoren commented 8 years ago

Like this:

https://github.com/madebysoren/angular-oauth2/blob/master/src/interceptors/oauth-interceptor.js

ruipenso commented 8 years ago

No. Something like:

// Example request.
$http.post('http://example.com', {}, {
  ignoreAuthorizationHeader: true
});

// OAuth interceptor: return the config untouched when the request opts out.
if (config.ignoreAuthorizationHeader) {
  return config;
}
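
The per-request opt-out discussed in this thread, written out as an added example (not the project's code and not posted by either participant). It goes one step beyond the thread by also attaching the token only to listed API origins, so a request that forgets the flag does not carry the bearer token to a third-party host. Every name except `ignoreAuthorizationHeader` and `getAuthorizationHeader` is hypothetical, and the URLs and token are constructed sample values.

```javascript
// Added example. getAuthorizationHeader stands in for
// OAuthToken.getAuthorizationHeader(); apiOrigins and pageOrigin are
// hypothetical parameters that are not part of angular-oauth2.
function makeOAuthRequestHandler(getAuthorizationHeader, apiOrigins, pageOrigin) {
  return function request(config) {
    config.headers = config.headers || {};

    // Per-request opt-out, as proposed in the thread.
    if (config.ignoreAuthorizationHeader) {
      return config;
    }

    // A caller-supplied Authorization header is left alone, as in the
    // interceptor code quoted in the thread.
    if (Object.prototype.hasOwnProperty.call(config.headers, 'Authorization')) {
      return config;
    }

    // Assumption beyond the thread: attach the token only for listed API
    // origins. Relative URLs are resolved against pageOrigin.
    const origin = new URL(config.url, pageOrigin).origin;
    if (!apiOrigins.includes(origin)) {
      return config;
    }

    const header = getAuthorizationHeader();
    if (header) {
      config.headers.Authorization = header;
    }
    return config;
  };
}

// Constructed sample values.
const handler = makeOAuthRequestHandler(
  () => 'Bearer sample-token',
  ['https://api.example.com'],
  'https://app.example.com'
);

const apiCall = handler({ url: 'https://api.example.com/me', headers: {} });
const blobUpload = handler({
  url: 'https://account.blob.example.net/container/image.png',
  headers: { 'x-ms-blob-type': 'BlockBlob' },
  ignoreAuthorizationHeader: true
});
console.log(apiCall.headers.Authorization, blobUpload.headers.Authorization);
```

In an AngularJS application the returned function would be the `request` member of the interceptor object.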