Microsoft Online Auth 没有“Access-Control-Allow-Origin"标头 [英] No 'Access-Control-Allow-Origin' header with Microsoft Online Auth

查看:24
本文介绍了Microsoft Online Auth 没有“Access-Control-Allow-Origin"标头的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试使用 Microsoft graph OAuth 端点发出一个简单的请求以获取访问令牌.当我发送下面的简单请求时,我得到了

<块引用>

请求的资源上不存在Access-Control-Allow-Origin"标头.Origin 'localhost:8080/myapprunninglocally' 因此不允许访问.**"

var xhttp = new XMLHttpRequest();xhttp.open("GET", "https://login.microsoftonline.com/common/oauth2/authorize?client_id=<client_id>&scope=wl.signin%20wl.calendars_update&response_type=token&redirect_uri=localhost:8080/myapprunninglocally", true);xhttp.send();

我还使用 Microsoft Azure 目录注册了这个应用程序,请求了所有权限,并使用了委派的 client_id.

我已经阅读了 CORS 并且我知道跨域策略但是,我知道有些 API 公开了在它们的端点中包含 'Access-Control-Allow-Origin'响应头.有人能帮忙吗?

解决方案

要将 AAD 集成到 javascript 中,我们建议您使用 azure-activedirectory-library-for-js 这是一个 javascript 库,用于前端轻松集成 AAD.

在我们使用 ADAL for JS 之前,我们需要注意两个选项:

以下是从 Microsoft Graph 获取访问令牌的代码示例:

<script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.14/js/adal.min.js"></script><身体><a href="#" onclick="login();">登录</a><a href="#" onclick="getToken()">访问令牌</a></身体><脚本类型="文本/javascript">var configOptions = {tenant: "<tenant_id>",//默认可选,发送commonclientId: "<client_id>",postLogoutRedirectUri:window.location.origin,}window.authContext = new AuthenticationContext(configOptions);var isCallback = authContext.isCallback(window.location.hash);authContext.handleWindowCallback();函数getToken(){authContext.acquireToken("https://graph.microsoft.com",function(error, token){控制台日志(错误);控制台.log(令牌);})}函数登录(){authContext.login();}</脚本>

I am trying to make a simple request to get an access token using the Microsoft graph OAuth endpoint. When I send the simple request below I get

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'localhost:8080/myapprunninglocally' is therefore not allowed access.**"

var xhttp = new XMLHttpRequest();
xhttp.open("GET", "https://login.microsoftonline.com/common/oauth2/authorize?client_id=<client_id>&scope=wl.signin%20wl.calendars_update&response_type=token&redirect_uri=localhost:8080/myapprunninglocally", true);
xhttp.send();

I have also registered this app using Microsoft Azure Directory, requested ALL permissions, and used the delegated client_id.

I have read up on CORS and I am aware Cross-Origin Policies however, I'm aware there are APIs which expose endpoints that include the 'Access-Control-Allow-Origin' in their response headers. Is anyone able to help?

解决方案

To integrate AAD in javascript, we suggest you to use azure-activedirectory-library-for-js which is a library in javascript for frontend to integrate AAD with a ease.

There are 2 options we need to pay attention on before we use ADAL for JS:

Here is the code sample to acquire access token from Microsoft Graph:

<script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.14/js/adal.min.js"></script>

<body>
<a href="#" onclick="login();">login</a>
<a href="#" onclick="getToken()">access token</a>
</body>
<script type="text/javascript">
    var configOptions = {
        tenant: "<tenant_id>", // Optional by default, it sends common
        clientId: "<client_id>",
        postLogoutRedirectUri: window.location.origin,
    }
    window.authContext = new AuthenticationContext(configOptions);

    var isCallback = authContext.isCallback(window.location.hash);
    authContext.handleWindowCallback();

    function getToken(){
        authContext.acquireToken("https://graph.microsoft.com",function(error, token){
            console.log(error);
            console.log(token);
        })
    }
    function login(){
        authContext.login();
    }
</script>

这篇关于Microsoft Online Auth 没有“Access-Control-Allow-Origin"标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
前端开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆