CODEWITHSUNDEEP
javascriptauthenticationazure-active-directoryazure-functionsadal
Hell.Bent
Hell.Bent

Reputation: 1677

Calling AAD Authenticated Azure function from Javascript without ADAL? No Access-control-allow-origin header is present

Is it possible to call an AAD authenticated Azure function from javascript without an auth library like ADAL and also without registering the client application with Microsoft?

Getting this error: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '

Both the simple web client app and azure function are registered under the same AAD. Both have the azurewebsites.net domain.

What's the lightest web client we can have?

Upvotes: 1

Views: 954

Answers (2)

Nan Yu
Nan Yu

Reputation: 27588

In Azure AD ,with the normal OpenID Connect/OAuth flow, you would acquire token by making a request to the /token endpoint. However, the azure ad endpoint does not support CORS requests, so making AJAX calls to get access tokens is out of the question. Instead, you can use the implicit flow in a hidden iframe to get new tokens for web APIs . See document here and here for more details .

And yes,i would suggest you use ADAL.JS which helps you to use Azure AD for handling authentication easier .

Upvotes: 0

mattchenderson
mattchenderson

Reputation: 1620

The error you are getting is coming from a cross-origin resource sharing (CORS) check. I suspect this occurs when calling the function from the web app. The idea is that the browser is making an OPTIONS request first to see if the caller (the web app) is allowed to make a call a resource on a different domain (the function app). If that's approved, then it will make the actual call to the function.

So, we just have to make it so that the function app responds letting the browser know the call is allowed. Fortunately, Functions has a built-in CORS feature. In the portal, select Platform features for your function app. Under the API section, you'll see a CORS option. Add the domain for your function app and click Save. You should see the Access-Control-Allow-Origin error go away.

As for AAD, any OpenID Connect client library would work - ADAL is a fine choice for this, though. You may still need to create a client registration, though.

Upvotes: 0

Related Questions