OAuth2 CORS call to Azure Web App protected with AAD using only Javascript -


i'm trying make cors request azure web service aad protected. app making call has no backend code - html+js. use adal.js, have setup (azure web app, adal.js config) , i'm able use adal.js receive token (i can check it's valid using advanced rest client).

the problem when try make call below:

var xhr = new xmlhttprequest(); if ("withcredentials" in xhr) {     // xhr chrome/firefox/opera/safari.     xhr.open(method, url, true); } else if (typeof xdomainrequest != "undefined") {     // xdomainrequest ie.     xhr = new xdomainrequest();     xhr.open(method, url); } else {     // cors not supported.     xhr = null; } xhr.withcredentials = true; xhr.onload = function () { ... }; xhr.onerror = function (error) { ... }; xhr.send()

i receive 

xmlhttprequest cannot load  <myappurl>. redirect  <myappurl>  'https://login.windows.net/<guid>/oauth2/authorize?response_type=code+id_token&redirect_uri=<myappurl>%2f.auth%2flogin%2faad%2fcallback&client_id=<guid>&scope=openid+profile+email&response_mode=form_post&nonce=cdf7754a3d66498baad6809f3de0b0ae_20170910165538&state=redir%3d%252fapi%252fvalues'  has been blocked cors policy: no 'access-control-allow-origin' header  present on requested resource. origin 'http://localhost:59672'  therefore not allowed access.

i can guess it's because authorization header not passed target app wants redirect me in order login. , in fact no authorization header in request...

if i'll try add such header manually adding 

xhr.setrequestheader("authorization", "bearer " + token);

i receive 

xmlhttprequest cannot load  <myappurl>. response preflight invalid (redirect)

i tried multiple tutorials (i.e. article) there backend code load nuget packages - have html + js.

dead end. ideas how make work? possible?

@juunas: had same guess - it's somethink authentication. maybe adal.js not handle properly? wrote: no authorization header in request...and afaik adal.js should handle request , add such header (via http://www.cloudidentity.com/blog/2015/02/19/introducing-adal-js-v1/) config:

window.config = {     instance: 'https://login.microsoftonline.com/',     tenant: '<mytenant>',     clientid: '<myguid>', //in old azure portal calls: client id. in new azure portal it's application id'     postlogoutredirecturi: window.location.origin,     cachelocation: 'sessionstorage', // tried localstorage     endpoints: {         // domain of api (requsets made to)         // , same client id above         "<myappurl>": "<myguid>"     } };

Comments

Post a Comment

Popular posts from this blog

resizing Telegram inline keyboard -

telegram's inline keyboard great feature lots of different use cases. inline buttons added list of items this: inline_keyboard = [[inlinekeyboardbutton(text="button", callback_data="button"), inlinekeyboardbutton(text="reset",callback_data="reset")]] inline_keyboard_markup = inlinekeyboardmarkup(inline_keyboard) update.message.reply_text("hi", reply_markup=inline_keyboard_markup) the above code adds 2 buttons each half width of chat screen. i know the normal keyboard button there resize_keyboard parameter somehow can used. my question is there way resize inline buttons ? example make full width or quarter width. unfortunately, can't now. :( you can suggest @botsupport , might add feature next version.
Read more

command line - How can a Python program background itself? -

consider following python command-line program. doesn't work because incomplete, think illustrates problem: #!/usr/bin/python3 import multiprocessing pool = multiprocessing.pool() task in expensive_iterator_with_user_interaction(): pool.call_async(expensive_computation, (task,)) pool.close() print("dear user, may press ctrl-z , bg script.") pool.join() thus, problem scripts needs user input while it's launching expensive parallel processes. there moment when user interaction not needed anymore. then, ask user background process shell actions. however, can achieved program itself? (side note: core of problem entanglement of user input firing “expensive computations”. therefore, cannot separate both in 2 scripts, , letting 1 spawning other daemon.) the command screen may you. use screen -l create new session , run application. after inputting data, can press " ctrl-a " , press " d " on keyboard detach session. now
Read more

php - "cURL error 28: Resolving timed out" on Wordpress on Azure App Service on Linux -

Image
my wordpress installation on azure app service on linux using custom docker container has slow response times. pages take around 20-40 seconds load. i have troubleshooting plugin installed indicates problem "curl error 28: resolving timed out after n milliseconds" when making requests following urls https://api.wordpress.org/core/version-check/1.7/ http://api.wordpress.org/core/version-check/1.7/ https://api.wordpress.org/plugins/update-check/1.1/ http://api.wordpress.org/plugins/update-check/1.1/ https://api.wordpress.org/themes/update-check/1.1/ http://api.wordpress.org/themes/update-check/1.1/ curl works fine on scm-site command line. example works ok. curl -x post http://api.wordpress.org/core/version-check/1.7/ edit if ssh container , run php code, works fine. <?php $url = 'http://api.wordpress.org/core/version-check/1.7/'; $fields = array( 'version' => urlencode('4.8.1'), 'php' => urlencode(
Read more