CORS已阻止从来源"xxxx"以"xxx/.well-known/openid-configuration"访问XMLHttpRequest [英] Access to XMLHttpRequest at 'xxx/.well-known/openid-configuration' from origin 'xxxx' has been blocked by CORS
问题描述
我正在使用okta oAuth对angular 8应用程序进行身份验证和授权.自从获得' https://dev-166545.okta .com/oauth2/aus1igd7yewoAs4xa357/.well-known/openid-configuration 引起了问题
I am using the okta oAuth to do the authentication and authorization with angular 8 application. Since getting the 'https://dev-166545.okta.com/oauth2/aus1igd7yewoAs4xa357/.well-known/openid-configuration is causing the issue
我在okta受信任来源中添加了重定向URL.由于公司政策,我无法在CORS中添加URL.
I have added the redirect URL in the okta trusted origin. I can't add the URLs in the CORS because of company policy.
我该如何解决CORS问题
How can I solve the issue CORS
Access to XMLHttpRequest at 'https://dev-166545.okta.com/oauth2/aus1igd7yewoAs4xa357/.well-known/openid-configuration' from origin 'https://localhost:44307' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
但是,在网络中我可以看到
However, in the network I can see
推荐答案
getClientSettings(configuration: IOpenIdOptions): UserManagerSettings {
return {
authority: configuration.authority + '/',
client_id: configuration.clientId,
redirect_uri: configuration.redirectUri,
post_logout_redirect_uri: configuration.redirectUri,
response_type: configuration.responseType, // "id_token token",
scope: "openid profile email " + configuration.apiResourceId,
filterProtocolClaims: true,
loadUserInfo: false,
automaticSilentRenew: true,
monitorSession: true,
silent_redirect_uri: configuration.silentRedirectUri,
accessTokenExpiringNotificationTime: 20, //default 60
checkSessionInterval: 5000, //default 2000
silentRequestTimeout: 20000, //default: 10000
// When CORS is disabled, token signing keys cannot be retrieved
// Manual the metadata and singinKeys for okta auth
metadata: {
// Magic happen here. Confugure to local host
jwks_uri: configuration.jwksUri,
authorization_endpoint: `${configuration.authority}/v1/authorize`,
issuer: configuration.authority
},
};
}
Appsetting.json
Appsetting.json
"openId": {
"authority": "https://dev-166545.okta.com/oauth2/xxxxxxxxxxxxxx",
"clientId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"apiResourceId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"redirectUri": "https://localhost:44307/auth-callback",
"silentRedirectUri": "https://localhost:44307/assets/silent-renew.html",
"responseType": "id_token token",
"jwksUri" : "https://localhost:44307/assets/jwks.json"
}
这篇关于CORS已阻止从来源"xxxx"以"xxx/.well-known/openid-configuration"访问XMLHttpRequest的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!