Closed richardbartley closed 8 years ago
@richardbartley Use an object in stead of a string.
Please take a look at https://github.com/paulvanbladel/aurelia-identityserver-aspnetcore
Object seemed to make no difference.
Raw view of what ends up getting sent is;
OPTIONS https://localhost:44301/Token HTTP/1.1
Host: localhost:44301
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://localhost:49849
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
Access-Control-Request-Headers: accept, authorization, content-type
Accept: */*
Referer: http://localhost:49849/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en;q=0.8,en-US;q=0.6
I can authenticate the old classic way with a simple ajax call.
var loginData = {
grant_type: 'password',
username: self.loginEmail(),
password: self.loginPassword()
};
$.ajax({
type: 'POST',
url: baseUrl + '/Token',
data: loginData
}).done(function (data) {
self.user(data.userName);
// Cache the access token in session storage.
sessionStorage.setItem(tokenKey, data.access_token);
}).fail(showError);
I can see what the fetch method should be doing in authService.js...just for me doesn't want to play. Clearly I must be doing something wrong here.
return this.http.fetch(loginUrl, {
method: 'post',
headers: typeof content === 'string' ? { 'Content-Type': 'application/x-www-form-urlencoded' } : {},
body: typeof content === 'string' ? content : json(content)
}).then(authUtils.status).then(function (response) {
_this2.auth.setToken(response);
return response;
});
@richardbartley Perhaps your problem is with the types the server accepts? I'm pretty sure that using an object works (over at our fork anyway, because that's how we use it, too).
The data you pasted doesn't include the payload it's sending to the server, could you try logging that for us?
CORS related issue maybe? Fetch API cannot load https://localhost:44301/Token. Response for preflight has invalid HTTP status code 400
Rejecting the preflight OPTIONS request.....
For anyone else struggling with CORS and Web Api when using fetch, eventually I found the problem was that the preflight OPTIONS request was being rejected on the server. Doing a $.ajax call always worked as no pre-flight was made (in Chrome at least). Just fetch caused the issue.
The way to resolve this was ultimately solved here [http://stackoverflow.com/questions/25794439/webapi-2-with-owin-middleware-and-token-based-authentication-options-request-re] by overriding the MatchEndPoint method in the OAuthAuthorizationServerProvider derived class.
public override Task MatchEndpoint(OAuthMatchEndpointContext context)
{
if (context.OwinContext.Request.Method == "OPTIONS" && context.IsTokenEndpoint)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "POST" });
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Headers", new[] { "accept", "authorization", "content-type" });
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
context.OwinContext.Response.StatusCode = 200;
context.RequestCompleted();
return Task.FromResult<object>(null);
}
return base.MatchEndpoint(context);
}
@richardbartley thanks a lot for the update Richard. Take care. paul.
Do not want to work for me.. anyway I solved from the reply https://github.com/SpoonX/aurelia-authentication/issues/234
I need to pass more parameters for my server... and it works
this.authService.login({ username: 'jdoe@foo.com', password: 'mysecret', grant_type: 'password' }, {headers: {'Content-Type': 'application/x-www-form-urlencoded'}});
A better option is to add the following to your config
defaultHeadersForTokenRequests: // Default headers for login and token-update endpoint {'Content-Type': 'application/x-www-form-urlencoded'},
It works too
NEWBIE question.
Trying to use the latest skeleton app and aurelia-auth and am stuck trying to authenticate against a web api project I have.
Following the login.js script,
the request to my URL is being made but it does not appear to be sending the grant type, username or password.
My response from Fiddler
My authConfig.js looks like this;
Any help or pointers appreciated.
Thanks, Richard.