I'm developing a rest server with a login function and other api (all verified against authentication and all are cors enabled).
So I've myhost/api/login (i can pass email and password in post)
On the other side I've some clients, in my case wrote angular, and I would like they can use that api to get logged in.
For example look at this client code:
(function() {
angular.module('controller.auth', [])
.controller("authController", ['$q','$scope', '$interval', '$http', '$cookies', function( $q, $scope, $interval,$http, $cookies) {
console.log('auth');
$scope.whoami = false;
$scope.login = function() {
$http({
method: 'POST',
url: 'http://api.marketplace.local:1337/login',
headers: {
'Content-Type': 'application/json'
},
data: {email: 'myemail@email.com', password: 'password'}
})
.then(function(res) {
$scope.logged = true;
}, function(res) {
console.log('error');
console.log(res);
});
}
$scope.me = function() {
$http({
method: 'POST',
url: 'http://api.marketplace.local:1337/api/user/me',
headers: {
'Content-Type': 'application/json'
}
})
.then(function(res) {
$scope.me = res.data;
}, function(res) {
console.log('error');
console.log(res);
});
}
}])
})();
this is the html:
<div ng-controller="authController">
<div ng-click="login()" style="cursor: pointer">LOGIN</div>
<div ng-show="logged" ng-click="me()" style="cursor: pointer">WHOAMI</div>
<div ng-show="whoami">Hi, I'm {{whoami.email}}</div>
</div>
When I click on LOGIN, login is succesfull, but when I click on WHOAMI I've a 403.
So, how can I use the login function to get authenticated for the next call?
I mean, I thought to get the cookie from the response after login and set it for the next call, but also if I saw the cookie from firebug I can't access from $http().then().
Another idea is to send the sessionId in the login response, but I can't figure out how to use it.
I need some advice where to look.
