OAuth2 CORS call to Azure Web App protected with AAD using only Javascript
I'm trying to make a CORS request to an Azure web service that is AAD protected. The app making the call has no backend code - only HTML+JS. I use adal.js, I have it set up (Azure Web App, adal.js config), and I'm able to use adal.js to receive a token (I can check it's valid using Advanced REST Client).
The problem is when I try to make the call below:
    var xhr = new XMLHttpRequest();
    if ("withCredentials" in xhr) {
        // XHR for Chrome/Firefox/Opera/Safari.
        xhr.open(method, url, true);
    } else if (typeof XDomainRequest != "undefined") {
        // XDomainRequest for IE.
        xhr = new XDomainRequest();
        xhr.open(method, url);
    } else {
        // CORS not supported.
        xhr = null;
    }
    xhr.withCredentials = true;
    xhr.onload = function () { /* ... */ };
    xhr.onerror = function (error) { /* ... */ };
    xhr.send();
I receive

    XMLHttpRequest cannot load <myappurl>. Redirect from <myappurl> to 'https://login.windows.net/<guid>/oauth2/authorize?response_type=code+id_token&redirect_uri=<myappurl>%2f.auth%2flogin%2faad%2fcallback&client_id=<guid>&scope=openid+profile+email&response_mode=form_post&nonce=cdf7754a3d66498baad6809f3de0b0ae_20170910165538&state=redir%3d%252fapi%252fvalues' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:59672' is therefore not allowed access.

I can guess it's because the Authorization header is not passed and the target app wants to redirect me in order to log in. And in fact there is no Authorization header in the request...
If I try to add such a header manually by adding
    xhr.setRequestHeader("Authorization", "Bearer " + token);
I receive

    XMLHttpRequest cannot load <myappurl>. Response for preflight is invalid (redirect)

I tried multiple tutorials (i.e. article) but there is backend code there to load NuGet packages - I have only HTML + JS.
Dead end. Any ideas how to make it work? Is it possible?
@juunas: I had the same guess - it's something with authentication. Maybe adal.js does not handle it properly? As I wrote: there is no Authorization header in the request... and AFAIK adal.js should handle the request and add such a header (via http://www.cloudidentity.com/blog/2015/02/19/introducing-adal-js-v1/). Config:
    window.config = {
        instance: 'https://login.microsoftonline.com/',
        tenant: '<mytenant>',
        clientId: '<myguid>', // in the old Azure portal it's called: Client ID. In the new Azure portal it's 'Application ID'
        postLogoutRedirectUri: window.location.origin,
        cacheLocation: 'sessionStorage', // tried localStorage
        endpoints: {
            // domain of the API (requests are made to)
            // and the same client ID as above
            "<myappurl>": "<myguid>"
        }
    };
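
The two errors in the question can be reproduced with a simplified model of the browser's CORS decision. This is an added example, not part of the original post: it assumes, as the error messages indicate, that the service answers unauthenticated requests (including the OPTIONS preflight) with a 302 to the login endpoint, and `browserDecision`, `corsCheck` and the sample objects are hypothetical names.

```javascript
const SAFE_METHODS = ["GET", "HEAD", "POST"];
// Simplification: Content-Type is safelisted only for a few values.
const SAFE_HEADERS = ["accept", "accept-language", "content-language", "content-type"];
const headerNames = (req) => Object.keys(req.headers || {}).map((h) => h.toLowerCase());

// Authorization is not safelisted, so adding it forces an OPTIONS preflight.
function needsPreflight(req) {
  return !SAFE_METHODS.includes(req.method) ||
    headerNames(req).some((h) => !SAFE_HEADERS.includes(h));
}

// CORS check applied to the preflight response and to every response of the
// actual request, redirects included. Returns null when the response passes.
function corsCheck(req, res) {
  const acao = res.headers["access-control-allow-origin"];
  if (!acao) return "no Access-Control-Allow-Origin header";
  if (req.withCredentials) {
    if (acao !== req.origin) return "origin must be echoed exactly with credentials";
    if (res.headers["access-control-allow-credentials"] !== "true") return "credentials not allowed";
  } else if (acao !== "*" && acao !== req.origin) {
    return "origin not allowed";
  }
  return null;
}

function browserDecision(req, preflightRes, chain) {
  if (needsPreflight(req)) {
    if (preflightRes.status < 200 || preflightRes.status > 299) return "blocked: preflight answered " + preflightRes.status + ", not 2xx";
    const err = corsCheck(req, preflightRes);
    if (err) return "blocked: preflight: " + err;
    const allowed = (preflightRes.headers["access-control-allow-headers"] || "")
      .toLowerCase().split(",").map((s) => s.trim());
    const missing = headerNames(req).find((h) => !SAFE_HEADERS.includes(h) && !allowed.includes(h));
    if (missing) return "blocked: preflight does not allow header " + missing;
  }
  for (const res of chain) {
    const err = corsCheck(req, res);
    if (err) return "blocked: " + res.status + " response: " + err;
  }
  return "allowed";
}

// Constructed sample data (assumption): the login redirect an unauthenticated request receives.
const ORIGIN = "http://localhost:59672";
const loginRedirect = { status: 302, headers: { location: "https://login.windows.net/" } };
const plain = { origin: ORIGIN, method: "GET", headers: {}, withCredentials: true };
const withToken = { ...plain, headers: { Authorization: "Bearer <token>" } };
console.log(browserDecision(plain, null, [loginRedirect]));
console.log(browserDecision(withToken, loginRedirect, []));
```

The first call corresponds to the request without the header (the redirect response itself fails the check), the second to the request with the header (the preflight is answered with a redirect instead of a 2xx).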