Microsoft Graph API:访问控制允许来源 [英] Microsoft Graph API : Access-Control-Allow-Origin
问题描述
我正在尝试将Microsoft Graph身份验证和访问共享点与用户的Graph个人资料&图片我遵循了他们的文档 https://developer.microsoft.com/en -us/graph/docs/authorization/app_authorization
我能够实现对用户进行身份验证并获得应用授权的第一步,但不能获取访问令牌.
我已经在Postman中进行了检查,能够获得访问令牌的响应.我尝试使用 Jquery Ajax 进行操作的方式相同,但得到
I am trying to integrate Microsoft Graph authentication and access sharepoint and User's Graph Profile & Pic. I had followed their document https://developer.microsoft.com/en-us/graph/docs/authorization/app_authorization
I am able to achieve first step Authenticate a user and get app authorized , but not Acquire an access token.
I have checked it in Postman, able to get response of access token. Same way I'm trying to do it using Jquery Ajax but getting
XMLHttpRequest无法加载 https://login.microsoftonline.com/common/oauth2/token .不 请求中存在"Access-Control-Allow-Origin"标头 资源.
XMLHttpRequest cannot load https://login.microsoftonline.com/common/oauth2/token. No 'Access-Control-Allow-Origin' header is present on the requested resource.
$.ajax({ type:"POST",headers: {
'Content-Type':'application/x-www-form-urlencoded'
},
crossOrigin: true,url: "https://login.microsoftonline.com/common/oauth2/token",data:$.param({grant_type: "authorization_code",redirect_uri:"http://localhost:92",client_id:"8c907c91-1b21-4468-825e-116a4f663249",client_secret:"xxxxxxxxx+=",code:"AQABAAIAAABnfiG-mA6NTae7CdWW7QfdkHvUMGWjMMTjOGwaac7c-pFOjLqj98r37uhB1a1XqjnCL-nK5HcvRIYLhLSUQJZeY9ybZLgWfSl4U0CNdZkwIvee_r6-hPC0Wts0ULDWzkg_nHWLHrquAjJ67T84vuIUv8525xTVdm1Ej07EPRttlske50jy1lruaLX0Wzdj72VnAQ0iRHB_VKwEA-1YB7VOt6qh9756XYkDUfzJMZTxTawT5PVQFyv2joy0TbUYljkyT8RgzdhgT6YV6Rum3cQZg3Amso-0-6umF_1ECfdjmXXxdkscAmsGJHZPrZ1HE8W9zhfsGKlc57QI8J3Qkz-Wfkw8lxcfpp84wHmKnA28jWrww7szXVjjsYmtNsRpSYIvq393QoUZnWN-t0D71510pVAYswr6R3_rR80SMrMvolIpoXeIvPDoOkLszgYEeNRkGAcjVYD5XS4aajyrWqCSUz3xzNt8Vb6x9QBCWxw9xAottQM5ZZIbWc9zrKmmPL8sqkEpJ7Z95QdJjgkFy0qT5c_GQwKNoAiF96iVhyLiULvjwlFYsV9d84QGnz_a5NIt6mMbhgJoY32snEJN7kMyK9uzTHdglkkl-9UgJNnpArN5D8hywaERMN4Fy7RZxnqx9Mt4UnnfK9-RnjvaIE6TIAA",resource:"https://graph.microsoft.com/"}), success: function(result){
$("#div1").html(result);
},
error: function(){
$("#div1").html("Error");
}});
但是在Console中,我可以从post方法中看到响应,因为对于"Acces-origin"问题,我无法在Ajax Success部分得到响应.
But in Console, I can see the response form the post method, because for 'Acces-origin' issue, I couldn't get response in my Ajax Success part.
推荐答案
常规网页可以使用XMLHttpRequest对象从远程服务器发送和接收数据,但是它们受同一原始策略的限制.因此,浏览器正在阻止由于安全原因,通常它允许同一来源的请求.邮递员会工作,因为他们不受此政策的限制.
Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy.So the browser is blocking it as it usually allows a request in the same origin for security reasons. Postman wil work because they are not restricted by this policy .
要将AAD集成到javascript中,建议您使用 azure-activedirectory- library-for-js 是javascript中的一个库,用于前端,它可以通过使用此处是讨论同一主题的主题并显示有关如何使用ADAL.JS的更多信息,请参考该内容.
To integrate AAD in javascript, we suggest you to use azure-activedirectory-library-for-js which is a library in javascript for frontend to integrate AAD with a ease ,by using implicit grant flow ,It also has the advantage of eliminating any requirements for cross origin calls, which are necessary if the JavaScript application is required to contact the token endpoint. Here is a thread which discuss same topic and show more about how to use ADAL.JS , please refer to that .
这篇关于Microsoft Graph API:访问控制允许来源的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
