[auth0-angular] HTTP interceptor error when user is not logged in

admin44 · October 2, 2020, 6:55am

Hi,

I’m using the auth0-angular HTTP interceptor to attach tokens to my API calls.
Now, I want to make calls to the same API when the user is not logged in (to get some basic ‘public’ information), but the interceptor is reporting “Error: Login required”.

I assume that the interceptor wants to add the token in any case and just breaks if there is none. Wouldn’t it be better to just transmit the HTTP request without an authorization header in that case and let the API deal with it?

Does anybody have an idea for a quick workaround?

Thanks
DS

noragrossman · November 17, 2020, 11:51pm

Same question… we have certain endpoints that require authentication and others that do not. It would be much easier if the HTTP Intercepter sent requests regardless, just without access tokens if the user is not logged in.

ffischer · January 5, 2021, 5:44pm

I’m encountering the same problem

Edward · January 25, 2021, 1:36pm

I had this same problem using the spa sdk but I was able to resolve it by modifying the InterceptorService file similiar to this: Angular Auth0 Interceptor blocking all api calls unless logged in [Fixed] - Auth0 Community

I think it would be reasonable to have an “ignoredList” parameter on the HttpInterceptorConfig where you could list your anonymous endpoints.

Is there anywhere this can be submitted as a bug/feature?

FYI, here is how I’m working around it. Although I wouldn’t call this thoroughly tested yet…

export class AuthHttpInterceptorExtended  extends AuthHttpInterceptor {  

  intercept(
    req: HttpRequest<any>,
    next: HttpHandler
  ): Observable<HttpEvent<any>> {
    if (req.url.endsWith('guest/network-summary')) {
      return  next.handle(req);
    }
    else {
      return super.intercept(req, next);
    }
  }
}

konrad.sopala · January 28, 2021, 1:27pm

Thanks for sharing that with the rest of community! Yep I think you can report it through appropriate GitHub repo as we have feature requests built-i. Once you do that please share the link to it here. Thanks!

skerovs · October 25, 2021, 9:53pm

Hi Edward, I believe it is possible now in the new version of the auth0 angular package.
You can find examples of whitelisting URLs at the github page at this link: auth0-angular

konrad.sopala · October 26, 2021, 9:06am

Thanks for sharing that!

system · November 10, 2021, 9:06am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.