Http Interceptor does not account for resource specific tokens #46
Description
The Adal5Interceptor always uses the user token for the bearer token. This is not consistent with the ADAL library that maintains a token per resource and uses the appropriate token. this functionality existed in the original library this was forked from:
export class AdalInterceptor implements HttpInterceptor {
constructor(private adal: AdalService) { }
intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
// if the endpoint is not registered then pass
// the request as it is to the next handler
const resource = this.adal.GetResourceForEndpoint(req.url);
if (!resource) {
return next.handle(req.clone());
}
// if the user is not authenticated then drop the request
if (!this.adal.userInfo.authenticated) {
throw new Error('Cannot send request to registered endpoint if the user is not authenticated.');
}
// if the endpoint is registered then acquire and inject token
let headers = req.headers || new HttpHeaders();
return this.adal.acquireToken(resource).pipe(
mergeMap((token: string) => {
// inject the header
headers = headers.append('Authorization', 'Bearer ' + token);
return next.handle(req.clone({ headers: headers }));
}
)
)
}
}
has become:
export class Adal5Interceptor implements HttpInterceptor {
constructor(public adal5Service: Adal5Service) { }
intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
request = request.clone({
setHeaders: {
Authorization: `Bearer ${this.adal5Service.userInfo.token}`
}
});
return next.handle(request);
}
}