除了从Loopback Restful API登录外，无法获取或发布任何内容

Question

I have played around with loopback and I think it's interesting, however it seems to be very restricted, since you can't do anything besides trying to log in in the explorer environment.

The guides and docs was very good at getting the server up and running and I was able to create a user and login, but when trying to get users it throws this error:

http://localhost:3000/api/users

"error": {
"name": "Error",
"status": 401,
"message": "Authorization Required",
"statusCode": 401,
"stack": "Error: Authorization Required"

I see that you can set some authentication token but I have trouble figuring out how to get that (besides shouldn't it be stored in a session or so when logging in?)

The following worked very well, but that's only on the server

loopback session no method create?

Worth noting is that I have given allow access "acl" for the user so that should not be the problem.

So question is, how do I get some access?

Answer 1

I see that you can set some authentication token but I have trouble figuring out how to get that (besides shouldn't it be stored in a session or so when logging in?)

See this example I created on authentication and authorization: https://github.com/strongloop/loopback-example-access-control

I see that you can set some authentication token but I have trouble figuring out how to get that (besides shouldn't it be stored in a session or so when logging in?)

The session mechanism is up to you to implement as LoopBack is not opinionated here. Any session handling library that works with Express will work in LoopBack.

Answer 2

您可以通过调用app.enableAuth() 在应用程序中启用身份验证，这意味着您需要在代码中查找该位置，然后将其删除。