• Robert Knight's avatar
    Fetch access tokens and add Authorization header to API requests · 4b03e69d
    Robert Knight authored
    Remove the global HTTP interceptor provided by angular-jwt which added
    the Authorization header to API requests and replace it with explicit
    logic in `createAPICall` to do the same thing.
    
    This will enable replacing the JWT tokens with opaque access tokens when
    using a publisher-provided grant token for authentication.
    
    It also provides a more explicit way to only include the access token
    with requests to the API, rather than filtering based on the URL prefix
    of the request in the `tokenGetter` implementation.
    
     * Remove angular-jwt's HTTP interceptor and replace it with logic in
       store.js to explicitly fetch an access token using the `auth` module
       and add an Authorization header to API requests.
    
     * Convert standalone functions and global variables in auth.js to
       methods on the auth service. This will enable swapping out the
       current auth service implementation which uses cookies + CSRF
       for authentication with one that uses the OAuth grant token.
    
     * Fix several cases in store-test.js where functions that made
       assertions inside Promise callbacks did not explicitly wait for the
       Promise to resolve before finishing the test.
    4b03e69d
auth.js 3.02 KB