EchoRo

Reputation: 119

Code flow PKCE with OIDC and Azure AD gets CORS error on /token endpoint

I saw that the new recommendation (since mid-2019) is to use code flow with PKCE instead of the implicit flow for SPAs. I have an Angular SPA that uses OIDC client and works fine until it calls the /token endpoint, which returns a CORS error:

Access to XMLHttpRequest at 'https://login.microsoftonline.com/xxx/oauth2/token' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested 

Is there a way to overcome this error or is there a way to configure Allowed Origins (CORS) in Azure AD or am I doing something wrong?

Upvotes: 3

Views: 1681

Answers (1)

Tony Ju

Reputation: 15609

There is no way to configure Allowed Origins in Azure AD.

So there are two solutions for you:

1. Use MSAL.js with Azure AD B2C.

2. Call the /token endpoint in your server, then you can make the request to your server.

Reference:

No 'Access-Control-Allow-Origin' header with Microsoft Online Auth

Upvotes: 2
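
A sketch of option 2 from the answer above, added here as an example and not code from the question or the answer: the SPA posts the authorization code and PKCE `code_verifier` to your own server, which sets CORS for the SPA origin itself and calls `/token` server-to-server. The function names, `CLIENT_ID` and `REDIRECT_URI` are hypothetical placeholders, and a public client registration without a secret is assumed.

```javascript
// Added example: server-side relay for the authorization-code + PKCE exchange.
// Names and values marked "assumed" or "placeholder" are not from the page.
const TOKEN_ENDPOINT = 'https://login.microsoftonline.com/xxx/oauth2/token'; // 'xxx' as elided on the page
const ALLOWED_ORIGINS = new Set(['http://localhost:4200']); // SPA origin from the error message
const CLIENT_ID = '00000000-0000-0000-0000-000000000000';   // placeholder
const REDIRECT_URI = 'http://localhost:4200/callback';      // assumed

// RFC 7636: code_verifier is 43-128 characters from the unreserved set.
const VERIFIER_RE = /^[A-Za-z0-9\-._~]{43,128}$/;

// CORS is decided by our own server: echo the origin only if allow-listed.
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return null;
  return { 'Access-Control-Allow-Origin': origin, Vary: 'Origin' };
}

// client_id and redirect_uri are pinned server-side so the relay cannot be
// pointed at another application's registration.
function buildTokenRequest({ code, codeVerifier } = {}) {
  if (typeof code !== 'string' || code.length === 0) throw new Error('missing_code');
  if (typeof codeVerifier !== 'string' || !VERIFIER_RE.test(codeVerifier)) {
    throw new Error('invalid_code_verifier');
  }
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: CLIENT_ID,
    code,
    redirect_uri: REDIRECT_URI,
    code_verifier: codeVerifier,
  }).toString();
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  return { url: TOKEN_ENDPOINT, init: { method: 'POST', headers, body } };
}

// Framework-neutral handler: takes the request's Origin header and parsed
// JSON body, returns what the HTTP layer should send back to the SPA.
async function handleExchange(origin, payload, fetchImpl = fetch) {
  const cors = corsHeaders(origin);
  if (!cors) return { status: 403, headers: {}, body: { error: 'origin_not_allowed' } };
  let req;
  try {
    req = buildTokenRequest(payload);
  } catch (e) {
    return { status: 400, headers: cors, body: { error: e.message } };
  }
  const res = await fetchImpl(req.url, req.init); // server-to-server: no browser CORS check
  return { status: res.status, headers: cors, body: await res.json() };
}
```

`handleExchange` can be wired into any HTTP framework's POST route; the `fetchImpl` parameter exists so the upstream call can be stubbed in tests.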
