Token Request for Azure AD Secured Logic App Throwing CORS Error

Question

I created a logic app that is basically an api call and secured it using this tutorial.

https://www.serverlessnotes.com/docs/securing-azure-logic-app-http-triggers-with-azure-ad

I have an angular site that is hosted on an azure web app that calls this logic app. When I make the call for the token on my site I get this error.

Access to XMLHttpRequest at 'https://login.microsoftonline.com/{Your-TenantID}/oauth2/v2.0/token' from origin 'https://my-web-app.azurewebsites.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This is the code I use to get the token in my angular data service.

public getToken(): Observable<any>
  {
    const fullUrl = `https://login.microsoftonline.com/{Your-TenantID}/oauth2/v2.0/token`;
    return this.http.post<any>(fullUrl,`grant_type=client_credentials&client_id=clientId&client_secret=clientSecret&scope=scope.default`
      , {headers : {'Content-Type': 'application/x-www-form-urlencoded', 'Access-Control-Allow-Origin': '*'}}
  );
  }

In the past when I have encountered the issue with function apps, I have just gone to their settings and configured their cors. But I am not finding cors settings for app registration azure ad authentication. Does anyone know how to fix this?

Answer 1

Thank you Md Farid Uddin Kiron for guiding into right direction. You need to add angular app URL in platform configurations of Active directory authentication tab.

• By following the document given by you , I have created logic app and configured authentication from AD.
• I have a function app which is deployed on Azure.
• Configured url of function app from logic app active directory in platform configurations.
• Able to get bearer token from oauth,

Reference MS document