Access Denied: Origin Issue with OAuth2

Question

Access Denied: Origin Issue with OAuth2

I am requesting an authorization code from the OAuth2 Server in order to authenticate a user with my Microsoft App. For more information, I consulted this document.

This is my attempt to make the call:

function httpGet(){
        var theUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id="client_id"&response_type=code&redirect_uri="redirect_uri"&response_mode=query&resource=https%3A%2F%2Fservice.contoso.com%2F&state=12345";

        var req = new XMLHttpRequest();
        req.open('GET', theUrl, true);
        req.onreadystatechange = function() {
            if (req.readyState === 4) {
                if (req.status >= 200 && req.status < 400) {
                    console.log(req.responseText)
                } else {
                    console.log("error")
                }
            }
        };
        req.send();
    }

However, I encountered the following error:

No 'Access-Control-Allow-Origin' header is present on the requested resource.

To try and resolve the issue, I added

req.setRequestHeader("Access-Control-Allow-Origin", "*");

Despite this modification, I still received the following error:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

javascript azure cors oauth-2.0

Answer 1

Answer №1

To seamlessly integrate AAD into your JavaScript application, we highly recommend utilizing the azure-activedirectory-library-for-js. This JavaScript library simplifies the frontend integration of AAD.

Before implementing ADAL for JS, it is crucial to consider two key options:

As indicated in the node at https://github.com/OfficeDev/O365-jQuery-CORS#step-6--run-the-sample:

Please note that this sample may not function properly in Internet Explorer. It is recommended to use an alternative browser like Google Chrome. ADAL.js utilizes an iframe for obtaining CORS API tokens for resources beyond the SPA's backend. These iframe requests necessitate access to the browser's cookies for Azure Active Directory authentication. Unfortunately, Internet Explorer cannot access cookies when the application is running locally.
Ensure the oauth2AllowImplicitFlow setting is enabled for your Azure AD application. Detailed steps can be found at .

Below is a code snippet demonstrating how to obtain an access token from Microsoft Graph:

<script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.10/js/adal.min.js"></script>

<body>
<a href="#" onclick="login();">login</a>
<a href="#" onclick="getToken()">access token</a>
</body>
<script type="text/javascript">
    var configOptions = {
        tenant: "<tenant_id>", // Optional by default, it sends common
        clientId: "<client_id>",
        postLogoutRedirectUri: window.location.origin,
    }
    window.authContext = new AuthenticationContext(configOptions);

    var isCallback = authContext.isCallback(window.location.hash);
    authContext.handleWindowCallback();

    function getToken(){
        authContext.acquireToken("https://graph.microsoft.com",function(error, token){
            console.log(error);
            console.log(token);
        })
    }
    function login(){
        authContext.login();
    }
</script>

Answer 2

To seamlessly integrate AAD into your JavaScript application, we highly recommend utilizing the azure-activedirectory-library-for-js. This JavaScript library simplifies the frontend integration of AAD.

Before implementing ADAL for JS, it is crucial to consider two key options:

As indicated in the node at https://github.com/OfficeDev/O365-jQuery-CORS#step-6--run-the-sample:

Please note that this sample may not function properly in Internet Explorer. It is recommended to use an alternative browser like Google Chrome. ADAL.js utilizes an iframe for obtaining CORS API tokens for resources beyond the SPA's backend. These iframe requests necessitate access to the browser's cookies for Azure Active Directory authentication. Unfortunately, Internet Explorer cannot access cookies when the application is running locally.
Ensure the oauth2AllowImplicitFlow setting is enabled for your Azure AD application. Detailed steps can be found at .

Below is a code snippet demonstrating how to obtain an access token from Microsoft Graph:

<script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.10/js/adal.min.js"></script>

<body>
<a href="#" onclick="login();">login</a>
<a href="#" onclick="getToken()">access token</a>
</body>
<script type="text/javascript">
    var configOptions = {
        tenant: "<tenant_id>", // Optional by default, it sends common
        clientId: "<client_id>",
        postLogoutRedirectUri: window.location.origin,
    }
    window.authContext = new AuthenticationContext(configOptions);

    var isCallback = authContext.isCallback(window.location.hash);
    authContext.handleWindowCallback();

    function getToken(){
        authContext.acquireToken("https://graph.microsoft.com",function(error, token){
            console.log(error);
            console.log(token);
        })
    }
    function login(){
        authContext.login();
    }
</script>

Answer 3

Answer №2

Through my own innovation, I devised a solution without relying on any frontend Google libraries.

window.open("url")

Upon successfully completing the authentication process, I extract the code from the URL parameters, send it to the backend, and obtain the

access token, refresh token.......etc,

.

Answer 4

Through my own innovation, I devised a solution without relying on any frontend Google libraries.

window.open("url")

Upon successfully completing the authentication process, I extract the code from the URL parameters, send it to the backend, and obtain the

access token, refresh token.......etc,

.

Access Denied: Origin Issue with OAuth2

Answer №1

Answer №2

Similar questions

Using (javascript:) within Href attributes

Tips for effectively parsing extensive nested JSON structures?

Access JSON value using jQuery by key

Watch mp4 clips in various languages with ExpressJs

What is the best way to conceal a bootstrap directive tooltip in Vue.js for mobile users?

The functionality of scope.$observe is unavailable within an AngularJS Directive

What is the best way to attach every sibling element to its adjacent sibling using jQuery?

Convert JSON data into an HTML table using JavaScript without displaying the final result

I am experiencing an issue with my d3 force directed graph where the links are not

Error message: "The jQuery function is unable to recognize the

What is the best way to cycle through a JSON array of objects using JavaScript and jQuery?

Removing the element generated by Angular from the DOM

Does running npm install automatically compile the library code as well?

Custom Email Template for Inviting Msgraph Users

Is incorporating re-routing into an action a beneficial approach?

In Laravel Blade, I am looking to display a Modal popup and dynamically pass data based on the user's ID

Encountered an issue while trying to send an email through the Gmail API: Unfortunately, this API does not provide

Steps for mocking an async action creator in Redux using Jest

Guide the user to a specific website and replicate the user's action of pressing the down arrow or clicking a button three consecutive times

I encountered a parsing issue while trying to compile my Vue project