(Detailed walkthrough) Setting a Bearer Token in AFNetworking

Author: 汗青fullstack | Published: 2020-11-06 19:23

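The project I have been debugging recently uses JWT for authorization.

1. Setting the Bearer Token in AFNetworking so that requests pass gateway authentication

After the user logs in and is authorized, the app obtains an accessToken. It must be placed in the Authorization field of the HTTP request headers, in the following format:

    Authorization: Bearer <token>

Code: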

    AFHTTPSessionManager *httpSessionManager = [AFHTTPSessionManager manager];
    httpSessionManager.requestSerializer = [AFHTTPRequestSerializer serializer];
    // Attach the access token to every request sent through this manager.
    [httpSessionManager.requestSerializer setValue:[NSString stringWithFormat:@"Bearer %@", access_token] forHTTPHeaderField:@"Authorization"];

2. Detecting token expiry

First, this is the error log produced once the token has expired:

Error Domain=com.alamofire.error.serialization.response Code=-1011 "Request failed: forbidden (403)" UserInfo={NSLocalizedDescription=Request failed: forbidden (403), NSErrorFailingURLKey=http://f4c04af1073d4543a4d7cd567695308f-cn-hangzhou.alicloudapi.com/mobile/employeeInfo/getEmployeeBasicInfo, com.alamofire.serialization.response.error.data={length = 0, bytes = 0x}, com.alamofire.serialization.response.error.response=<NSHTTPURLResponse: 0x600003b0c660> { URL: http://f4c04af1073d4543a4d7cd567695308f-cn-hangzhou.alicloudapi.com/mobile/employeeInfo/getEmployeeBasicInfo } { Status Code: 403, Headers {
    Connection =     (
        "keep-alive"
    );
    "Content-Disposition" =     (
        "attachment; filename=ApiResponseForInnerDomain"
    );
    "Content-Length" =     (
        0
    );
    "Content-Type" =     (
        "application/oct-stream"
    );
    Date =     (
        "Sat, 07 Nov 2020 04:34:34 GMT"
    );
    "Keep-Alive" =     (
        "timeout=25"
    );
    Server =     (

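We can read the HTTP status code 403 and the error code -1011, but each of these covers many different error conditions. Looking further, we found that the gateway returns another field, X-Ca-Error-Code, which is used for some backend business-level checks. The official documentation explains it as follows: when the X-Ca-Error-Code header in the response received by the client is not empty, the response code was generated by the API gateway. The error code is a 6-character string (see the table below), and X-Ca-Error-Message carries the error response message, giving more detailed information about the error in that scenario. If the X-Ca-Error-Code header is empty, the HTTP response code was generated by the backend service, and the API gateway passed the backend's error through unchanged.

Reading the gateway error code table, we found:

A403JE

So when X-Ca-Error-Code is A403JE, that is the client-side token expiry case we need to handle.

Where do we get it from? It is in the HTTP response headers: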
(lldb) po response.allHeaderFields
{
    Connection = "keep-alive";
    "Content-Disposition" = "attachment; filename=ApiResponseForInnerDomain";
    "Content-Length" = 0;
    "Content-Type" = "application/oct-stream";
    Date = "Sat, 07 Nov 2020 04:34:34 GMT";
    "Keep-Alive" = "timeout=25";
    Server = "Kaede/3.5.3.488 (hz001bneq)";
    "X-Ca-Error-Code" = A403JE;
    "X-Ca-Error-Message" = "JWT is expired at `2020-11-06T13:16:21Z`";
    "X-Ca-Request-Id" = "4F502EFC-43DD-47E8-9745-EE8023A36ABB";
}

Show me the code. Approach 1:

    failure:^(NSURLSessionDataTask * _Nullable task, NSError * _Nonnull error) {
        NSLog(@"请求 Error: %@", [error description]);
        // task.response holds the HTTP response for the failed request.
        NSHTTPURLResponse *response = (NSHTTPURLResponse *)task.response;
        // HTTP status code, typically 403, 401 or 400.
        NSInteger statusCode = response.statusCode;

        // Read the error state from the headers (HTTP status 403 with
        // "X-Ca-Error-Code" equal to "A403JE"; "X-Ca-Error-Message" is then
        // "JWT is expired at `2020-11-06T13:16:21Z`" and the user must log in again).
        NSString *errCode = response.allHeaderFields[@"X-Ca-Error-Code"];

        if (errCode && [errCode isEqualToString:@"A403JE"])
        {
            // Handle the expired token: the user needs to log in again.
        }
    }

Approach 1 reads the value from task.response. It can also be read from the error (approach 2):

    // The response returned by the server; errorResponse here is equivalent to task.response.
    NSHTTPURLResponse *errorResponse = error.userInfo[AFNetworkingOperationFailingURLResponseErrorKey];
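
The header check from both approaches, extended to separate gateway-generated errors from backend ones as the official description above explains. This is an added example, not code from the original article or from AFNetworking; the GW-prefixed names, the example URL and the sample header sets are constructed for illustration. It uses only Foundation, and in a failure block the `response` argument would be task.response.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical names for this example; not part of AFNetworking.
typedef NS_ENUM(NSInteger, GWFailure) {
    GWFailureBackend,       // no X-Ca-Error-Code: status produced by the backend
    GWFailureTokenExpired,  // gateway code A403JE: JWT expired, log in again
    GWFailureGatewayOther   // any other gateway-generated error code
};

// Header names are case-insensitive and may arrive in lower case (HTTP/2),
// so compare names instead of indexing the dictionary with one spelling.
static NSString *GWHeader(NSHTTPURLResponse *response, NSString *name) {
    NSDictionary *fields = response.allHeaderFields;
    for (NSString *key in fields) {
        if ([key caseInsensitiveCompare:name] == NSOrderedSame) {
            return [fields[key] description];
        }
    }
    return nil;
}

static GWFailure GWClassify(NSHTTPURLResponse *response) {
    NSString *code = [GWHeader(response, @"X-Ca-Error-Code")
        stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceCharacterSet]];
    if (code.length == 0) return GWFailureBackend;
    return [code isEqualToString:@"A403JE"] ? GWFailureTokenExpired
                                            : GWFailureGatewayOther;
}

int main(void) {
    @autoreleasepool {
        NSURL *url = [NSURL URLWithString:@"https://gateway.example/api"]; // constructed
        NSArray<NSDictionary *> *samples = @[ // constructed header sets
            @{@"X-Ca-Error-Code": @"A403JE"},         // as in the lldb dump
            @{@"x-ca-error-code": @"A403JE"},         // lower-case header name
            @{@"X-Ca-Error-Code": @"A000XX"},         // placeholder for another gateway code
            @{@"Content-Type": @"application/json"}   // 403 from the backend itself
        ];
        for (NSDictionary *headers in samples) {
            NSHTTPURLResponse *r = [[NSHTTPURLResponse alloc] initWithURL:url
                statusCode:403 HTTPVersion:@"HTTP/1.1" headerFields:headers];
            NSLog(@"%@ -> %ld", headers, (long)GWClassify(r));
        }
    }
    return 0;
}
```

Only GWFailureTokenExpired should send the user back to the login screen; the other two results are ordinary request failures.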
Article link: https://www.haomeiwen.com/subject/jfcxbktx.html