HttpClient Headers authentication not working


I am on Ionic 3 and Angular 6. When I tried the following code on the browser, it works. But when I test it on my iPhone for the iOS, it keeps showing 401 Error, authentication credentials were not provided.

Here’s the request response.


here’s my home.ts

facebookLogin() {
    let auth = this.authProvider;
    let account = auth.userAccount;

      .then((res: FacebookLoginResponse) => {
        if (res.status == "connected") {
          auth.isLoggedIn = true;
          auth.loginOption = 0;
      .catch(err => {
        console.log('Error logging into Facebook: ', err);

  getFacebookDetail() {
    let auth = this.authProvider;
    let account = auth.userAccount;
    let profile = auth.userProfile;
    this.fb.api('/me?fields=id,first_name,last_name,picture,email', [])
      .then(res => {
        console.log('Facebook return information: ')
        account.account_id =;
        account.username = null; =;
        profile.first_name = res.first_name;
        profile.last_name = res.last_name;
        profile.picture_url =;
        this.nativeStorage.setItem('user', account);
      .then(() => {
      .catch(err => {
        console.log('Error when getting facebook detail: ', err);
  getUserAccount(id) {
    let auth = this.authProvider;
    return new Promise(resolve => {
      this.http.get<IUserAccount>(this.baseUrl + '/users/' + id)
        .subscribe(res => {
          this.navCtrl.setRoot('TabsPage', {
            picture_url: auth.userProfile.picture_url,
            isLoggedIn: auth.isLoggedIn
        }, (err: HttpErrorResponse) => {
          if(err.error instanceof Error) {
            console.log('Client-side error occrued');
          } else {
            console.log('Server-side error occrued');

here’s interceptor.ts

import { _throw } from 'rxjs/observable/throw';
import { HttpInterceptor, HttpRequest, HttpHandler, HttpEvent } from '@angular/common/http';
import { Injectable } from '@angular/core';
import { Observable } from 'rxjs/Observable';

export class AuthHttpInterceptor implements HttpInterceptor{

  intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {

    const authReq = req.clone({
      setHeaders: {'Authorization': 'Token XXXXXXXXX'},

    return next.handle(authReq).do(
      succ => {
      err => {
        if(err.status === 401) {
          console.error('You are not authenticated!')


If I get you code right you send the string ‘Token’ as authorization in the header.
I think you have to replace the string ‘Token’ with the real token.


I did use real token in there, I just removed it here because I do not want to share that information. The key is the code works fine when it is on browser, but when I try it on app, it does not work. But I will change it up a bit so it’s clear.


:smile: Ok my fault I’m sorry…

Ok I took a look in an interceptor I use and I found one difference:

I use

setHeaders: req.headers.set('Authorization', xxxxxxx)


Thanks for replying!

Do you mean headers: req.headers.set('Authorization', xxxxxxx)? this should be the same as
setHeaders: {'Authorization': 'xxxxxxx'}, I tried both, the result is the same.


I mean change

const authReq = req.clone({
      setHeaders: {'Authorization': 'Token XXXXXXXXX'},


const authReq = req.clone({
      headers: req.headers.set('Authorization', 'Token xxxxxxx')

If the result is the same perhaps on your device the token is not read properly or something else happens.

The interceptor looks good.


Yea I tried, it’s the same. I have turned off the authentication on the server end to for testing purpose and everything else works fine. I read on other places it seems like it might be a server-end issue. I will double check and post the solution here if I can figure it out.


I confess to having a bit of curiosity about how the token finds its way to the interceptor. Is it really a hardcoded constant string as has been implied here so far?


I figured it out… it was a stupid ‘/’ missing at the end of the API that makes it not working on the device, but it is still working on browser…