CORS已阻止从来源"xxxx"以"xxx/.well-known/openid-configuration"访问XMLHttpRequest [英] Access to XMLHttpRequest at 'xxx/.well-known/openid-configuration' from origin 'xxxx' has been blocked by CORS

问题描述

我正在使用okta oAuth对angular 8应用程序进行身份验证和授权.自从获得' https://dev-166545.okta .com/oauth2/aus1igd7yewoAs4xa357/.well-known/openid-configuration 引起了问题

I am using the okta oAuth to do the authentication and authorization with angular 8 application. Since getting the 'https://dev-166545.okta.com/oauth2/aus1igd7yewoAs4xa357/.well-known/openid-configuration is causing the issue

我在okta受信任来源中添加了重定向URL.由于公司政策，我无法在CORS中添加URL.

I have added the redirect URL in the okta trusted origin. I can't add the URLs in the CORS because of company policy.

我该如何解决CORS问题

How can I solve the issue CORS

Access to XMLHttpRequest at 'https://dev-166545.okta.com/oauth2/aus1igd7yewoAs4xa357/.well-known/openid-configuration' from origin 'https://localhost:44307' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

但是，在网络中我可以看到

However, in the network I can see

推荐答案

getClientSettings(configuration: IOpenIdOptions): UserManagerSettings {
    return {
      authority: configuration.authority + '/',
      client_id: configuration.clientId,
      redirect_uri: configuration.redirectUri,
      post_logout_redirect_uri: configuration.redirectUri,
      response_type: configuration.responseType, // "id_token token",
      scope: "openid profile email " + configuration.apiResourceId,
      filterProtocolClaims: true,
      loadUserInfo: false,
      automaticSilentRenew: true,
      monitorSession: true,
      silent_redirect_uri: configuration.silentRedirectUri,
      accessTokenExpiringNotificationTime: 20, //default 60
      checkSessionInterval: 5000, //default 2000
      silentRequestTimeout: 20000, //default: 10000 
      // When CORS is disabled, token signing keys cannot be retrieved
      //  Manual the metadata and singinKeys for okta auth
      metadata: {
        // Magic happen here. Confugure to local host 
        jwks_uri: configuration.jwksUri,
        authorization_endpoint: `${configuration.authority}/v1/authorize`,
        issuer: configuration.authority
      },
    };
  }

Appsetting.json

Appsetting.json

 "openId": {
    "authority": "https://dev-166545.okta.com/oauth2/xxxxxxxxxxxxxx",
    "clientId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "apiResourceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "redirectUri": "https://localhost:44307/auth-callback",
    "silentRedirectUri": "https://localhost:44307/assets/silent-renew.html",
    "responseType": "id_token token",
    "jwksUri" : "https://localhost:44307/assets/jwks.json"
  }

这篇关于CORS已阻止从来源"xxxx"以"xxx/.well-known/openid-configuration"访问XMLHttpRequest的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！