Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HttpInterceptor not adding Accesstoken when an XMLHttpRequest is send #1906

Closed
11 tasks
rfcdejong opened this issue Jul 7, 2020 · 2 comments
Closed
11 tasks

HttpInterceptor not adding Accesstoken when an XMLHttpRequest is send #1906

rfcdejong opened this issue Jul 7, 2020 · 2 comments
Labels
bug A problem that needs to be fixed for the feature to function as intended.

Comments

@rfcdejong
Copy link

rfcdejong commented Jul 7, 2020
edited
Loading

Library

Framework

Angular 9

Description

My project has migrated from asp.net core cookie authentication to MSAL client side in Angular. Calling my api from angular the interceptor is adding the user his accesstoken as header, this works fine in almost all situations. Except while using ngx-uploader. The api response is 401 unauthorized.

Looking at the source code of ngx-uploader it is using XMLHttpRequest to call an api. My conclusing is that the HttpInterceptor is not adding the accesstoken in here.

Error Message

Security

  • Is this issue security related?

Regression

  • Did this behavior work before?
    Version:

MSAL Configuration

// Provide configuration values here.
// For Azure B2C issues, please include your policies.

Reproduction steps

// Provide relevant code snippets here.
// For Azure B2C issues, please include your policies.

Expected behavior

Accesstoken is added as header automaticly, just like other Http calls.

Browsers/Environment

  • [x ] Chrome
  • Firefox
  • Edge
  • Safari
  • IE
  • Other (Please add browser name here)
@rfcdejong rfcdejong added the bug A problem that needs to be fixed for the feature to function as intended. label Jul 7, 2020
@rfcdejong
Copy link
Author

I'm not sure if this can be resolved looking at bleenco/ngx-uploader#495

@rfcdejong
Copy link
Author

Closed because I believe Angular doesn't support intercepting XMLHttpRequest, so this cannot be done automatically

I resolved this manually by using the follow code when calling ngx-uploader

const scopes = this.auth.getScopesForEndpoint(environment.apiUrl);
this.auth.getLogger().verbose("Url: " + environment.apiUrl + " maps to scopes: " + scopes);

let token: string;
this.auth.acquireTokenSilent({ scopes })
    .then((response: AuthResponse) => {
        token = response.tokenType === ServerHashParamKeys.ID_TOKEN ? response.idToken.rawIdToken : response.accessToken;
        this.authHeader = { Authorization: `bearer ${token}` };               
    })

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug A problem that needs to be fixed for the feature to function as intended.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rfcdejong