You'd better use body to pass the access token that is also suggested in OAuth 2.0 resource owner password grant
I saw some threads talking that jquery may not set custom headers when the response is not success.
Domanda
I'm using a .NET Web API. For authorization i add custom tokens in the headers like this:
The problem is that i am not able to retrieve the "Authorization-Token" from the response on the client side. I've tried with both Angular's $http and jQuery $ajax. When i use Fiddler, i get all the headers that were sent in the response. Including the custom "Authorization-Token" header.
This is the jQuery $ajax code:
$.ajax({
type: "POST",
url: "http://localhost:16879/api/authentication/register",
data: {
Email: "blablagmail.com",
Password: "password1"
}
}).complete(function( a, b) {
console.log(b.getAllResponseHeaders();
});
And the result:
The result using Fiddler:
Is it possible to get all the headers that were sent from server in the $ajax request?
The work-around would be to actually send the token in the body, and set the custom header when doing another request from the client side. But i was hoping to make it work by getting the "Authorize token" in the header of the response.
Soluzione
You'd better use body to pass the access token that is also suggested in OAuth 2.0 resource owner password grant
I saw some threads talking that jquery may not set custom headers when the response is not success.