小贝子编程

呼唤 auth0.com/oauth/token:在邮差工作,而不是来自Angular



我正在尝试通过 Auth0 检索我的 API 的访问令牌。我的应用程序和 API 是在 Auth0 中设置的。如果我通过邮递员发送请求,一切都很好。但是,当我通过我的角度应用程序请求时,我收到 401 错误"access_denied"。

从 angular 生成的原始 http 请求(不起作用(是:

POST https://ACCOUNT.auth0.com/oauth/token HTTP/1.1
Host: gacattak.auth0.com
Connection: keep-alive
Content-Length: 210
Pragma: no-cache
Cache-Control: no-cache
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
content-type: text/plain
Origin: http://localhost:4200
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:4200/callback
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
{ "client_id":"CLIENT_ID", "client_secret":"CLIENT_SECRET", "audience":"API_URL", "grant_type":"client_credentials" }

此请求的响应是:

HTTP/1.1 401 Unauthorized
Date: Sun, 10 May 2020 21:38:54 GMT
Content-Type: application/json
Content-Length: 60
Connection: keep-alive
Server: nginx
ot-tracer-spanid: 0b9da465429fa2b6
ot-tracer-traceid: 3f4f92ca634996df
ot-tracer-sampled: true
ot-baggage-auth0-request-id: c183f69c93c7973cb432dc78
X-Auth0-RequestId: 802fba1aa3437e9b24c4
Set-Cookie: did=s%3Av0%3Aa55fb060-9306-11ea-bfd6-312783a9f474.U2HrQl3KVe%2FwgK4fL74FqFddwYH4iagTH24GHPvII2Q; Max-Age=31557600; Path=/; Expires=Tue, 11 May 2021 03:38:54 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: did_compat=s%3Av0%3Aa55fb060-9306-11ea-bfd6-312783a9f474.U2HrQl3KVe%2FwgK4fL74FqFddwYH4iagTH24GHPvII2Q; Max-Age=31557600; Path=/; Expires=Tue, 11 May 2021 03:38:54 GMT; HttpOnly; Secure
Access-Control-Allow-Origin: http://localhost:4200
X-RateLimit-Limit: 30
X-RateLimit-Remaining: 29
X-RateLimit-Reset: 1589146735
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform
{"error":"access_denied","error_description":"Unauthorized"}

从 Postman 生成的原始 http 请求是:

POST https://ACCOUNT.auth0.com/oauth/token HTTP/1.1
Content-Type: application/json
Postman-Token: d14b0c57-554b-4dba-b68f-05971da85ecb
Host: ACCOUNT.auth0.com
Content-Length: 221
Cookie: did=s%3Av0%3A7ae18350-9314-11ea-87eb-d7ba4a7f045b.w9PKfAKMOzjGUi6Kb4ZU4D0PN6u42pHGtZFWn1abvoM; did_compat=s%3Av0%3A7ae18350-9314-11ea-87eb-d7ba4a7f045b.w9PKfAKMOzjGUi6Kb4ZU4D0PN6u42pHGtZFWn1abvoM
{
"client_id":"CLIENT_ID",
"client_secret":"CLIENT_SECRET",
"audience":"API_URL",
"grant_type":"client_credentials"
}

回应是:

HTTP/1.1 200 OK
Date: Mon, 11 May 2020 00:33:12 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Server: nginx
ot-tracer-spanid: 4805513e35ed8153
ot-tracer-traceid: 42c6383f201f080b
ot-tracer-sampled: true
ot-baggage-auth0-request-id: a5d16ad0458cc1d04765f4e0
X-Auth0-RequestId: 1c5f74c3e5b99f41ed83
X-RateLimit-Limit: 30
X-RateLimit-Remaining: 29
X-RateLimit-Reset: 1589157193
Cache-Control: no-store
Pragma: no-cache
Strict-Transport-Security: max-age=15724800
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
{"access_token":"ACCESS_TOKEN","expires_in":86400,"token_type":"Bearer"}

我无法弄清楚邮递员生成的请求与来自我的 Angular SPA 的请求之间有什么实质性区别。

感谢任何帮助。

您的角度请求的content-typetext/plain。应该是application/json

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium