
I'm implementing fb authentication in my SPA built using the MEAN stack. While I've successfully implemented the fb authentication using the facebook token passport strategy, I'm facing issues in securing API endpoints, because for that I need to pass both the authenticated user object and the access token in the $http service. I've tried passing access_token as a property of the user object and also as a header property, but I still get a 401 (Unauthorized) error. Below is my code snippet.

Passport documentation says "Authorization: Bearer base64_access_token_string". Should the token be encoded in base64 format? Please help.

server code

// assumes app (Express), passport (with the 'facebook-token' strategy registered)
// and the ubBike Mongoose model are defined above
app.get('/api/getbikes*',
    passport.authenticate('facebook-token', {session: false}),
    function(req, res) {
        // passport.authenticate already answers 401 itself when the token is
        // missing or invalid, so req.user is set by the time this handler runs
        if (req.user) {
            console.log('In getbikes api');
            // console.log('req.query :', req.query);
            // note: the filter uses the client-supplied _id from the query string,
            // not req.user, so the authenticated identity is not tied to the data returned
            ubBike
                .find({cust: req.query._id})
                .populate('cust', 'email')
                .exec(function(err, bikes) {
                    // check the error before sending: throwing after res.send
                    // would leave the client with a half-finished response
                    if (err) return res.sendStatus(500);
                    res.send(bikes);
                });
        } else {
            // res.send(401) is deprecated in Express 4; sendStatus sets code and body
            res.sendStatus(401);
        }
    });

angular code

service

this.getbikes = function(user) {
    var deferred = $q.defer();
    $http({
        method: "GET",
        url: "http://localhost:3000/api/getbikes",
        params: user,            // user object is sent as query-string parameters
        headers: {
            // raw token with no "Bearer " scheme prefix (the cause of the 401 discussed below)
            Authorization: auth.getAccesstoken()
        }
    }).then(function successCallback(srresponse) {
        deferred.resolve(srresponse.data);
    }, function failureCallback(srresponse) {
        $log.error("get bikes http call failed ", srresponse.data);
        deferred.reject(srresponse.data);
    }); //$http
    return deferred.promise;
}; //getbikes

controller

$scope.fblogin = function() {
    auth.fblogin().then(
        function(response) {
            $scope.isAuth = auth.isAuth;
            $scope.usr = auth.getResponseobj();
            // also attach the token to the user object, which the service sends as params
            $scope.usr.access_token = auth.getAccesstoken();
            $scope.profpic = auth.profpic;

            bike.getbikes($scope.usr).then(function(response) {
                if (response.length === 0) {
                    $location.path('/addbike');   // redirect to addbike screen
                } else {
                    $location.path('/appoint');   // else redirect to view appointment screen
                }
            }, function(reason) {
                $scope.msg1 = reason;
            }); //getbikes
        },
        function(reason) {
            $log.log("fblogin() - failure :Need to login to the application :" + reason);
        });
}; //fblogin
  • If you're sending the access token in the HTTP header, then it should be in this format `Authorization: Bearer accesstokenstring`. Is your Authorization header formed that way? Also in your controller you're sending `$scope.usr` not `user`. Please check that as well. – Karthik Nov 03 '16 at 03:21
  • Also try debugging your server code and find out what does your `req` object contains? – Karthik Nov 03 '16 at 03:25
  • @Karthik, what does the "Bearer accesstokenstring" format mean? That's where I was stuck initially. Does this mean prefixing the token with 'Bearer'? Please clarify. – Rajkumar Kaliyaperumal Nov 03 '16 at 17:18
  • Check this - http://stackoverflow.com/a/18752897/1210896. That's how we send the Authorization information as part of HTTP header for an API request. – Karthik Nov 04 '16 at 03:22
  • Thanks, I was able to encode the token after injecting the base64 dependency and the $base64 service. I don't get the 401 (unauthorized) error anymore. But I get a 500 (Internal Server Error) and the node log gives the following error. InternalOAuthError: Failed to fetch user profile at D:\Raj\important\youbike\node_modules\passport-facebook-token\lib\index.js:155:32 at passBackControl (D:\Raj\important\youbike\node_modules\passport-facebook-token\node_modules\passport-oauth\node_modules\passport-oauth2\node_modules\oauth\lib\oauth2.js:123:9) at IncomingMessage. – Rajkumar Kaliyaperumal Nov 04 '16 at 04:47
  • Did you check this - Also in your controller you're sending `$scope.usr` not `user`. Please check that as well. ? – Karthik Nov 04 '16 at 05:56
  • That's fine, because the variable $scope.usr is local only to the controller and in the service I've defined it as user. – Rajkumar Kaliyaperumal Nov 05 '16 at 20:22

1 Answer

Surprisingly, when I send the header as "Authorization: Bearer access_token_string", i.e. the fb token as is without base64 encoding, the API authentication works perfectly fine. This is contrary to the passport-facebook-token documentation https://github.com/drudge/passport-facebook-token
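As an added example that is not part of the question, the answer or the passport-facebook-token library, the following shows how a bearer-token extractor of the kind that strategy relies on reads the Authorization header, and how the client should build that header; the names `extractBearerToken`, `bearerHeader` and `requireBearer` are my own, and the token values are constructed.

```javascript
// Added example: parsing and building "Authorization: Bearer <token>".
// Assumption: the token is forwarded exactly as Facebook issued it (no base64).

const BEARER_RE = /^Bearer\s+(\S+)$/i;   // scheme is case-insensitive per RFC 6750

// Returns the raw token from an Authorization header, or null when the
// header is absent, empty, or does not use the Bearer scheme. A bare token
// with no scheme (the question's original header) is rejected here, which
// is what produced the 401.
function extractBearerToken(headers) {
  const value = headers['authorization'] || headers['Authorization'];
  if (typeof value !== 'string') return null;
  const m = BEARER_RE.exec(value.trim());
  return m ? m[1] : null;
}

// Builds the value the Angular service should put in the Authorization header.
// The token is passed through unchanged: a base64-encoded token is a string
// Facebook never issued, so the strategy's profile fetch fails (the 500 in the comments).
function bearerHeader(accessToken) {
  if (typeof accessToken !== 'string' || accessToken.length === 0) {
    throw new Error('access token missing');
  }
  return 'Bearer ' + accessToken;
}

// Express-style guard mirroring what passport.authenticate does on failure:
// reject with 401 before the route handler ever runs.
function requireBearer(req, res, next) {
  const token = extractBearerToken(req.headers);
  if (!token) {
    res.statusCode = 401;
    return res.end('Unauthorized');
  }
  req.accessToken = token;
  next();
}
```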