对 oauth2 访问令牌发出 Ajax 请求时出现 CORS 问题 [英] CORS issue while making an Ajax request for oauth2 access token

问题描述

我正在从我的客户端向 google oauth 2 API 'https://accounts.google.com/o/oauth2/auth?redirect_uri=http://blah.com&response_type= 进行 ajax 调用token&client_id....' 获取访问令牌，但出现以下错误:

I am making an ajax call from my client to the google oauth 2 API 'https://accounts.google.com/o/oauth2/auth?redirect_uri=http://blah.com&response_type=token&client_id....' to get the access token, but i get following error:

对预检请求的响应未通过访问控制检查:否请求中存在Access-Control-Allow-Origin"标头资源.因此，来源 'http://blah-blah.com' 是不允许的访问

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://blah-blah.com' is therefore not allowed access

我希望调用是 ajax，这样当通过 url 或 window.location.href 或换句话说，如何调用时用户不会受到干扰我可以获取访问令牌以使整个页面不加载，是否可以解决上述错误???

I want the call to be ajax so that the user is not disturbed when the call is made through url or window.location.href or in other words, how can i get the access token such that the whole page does not load, and is it possible to resolve the above error???

推荐答案

OAuth2 身份验证端点不支持 AJAX.它是身份验证系统的入口点，因此您必须通过重定向到达那里.身份验证的结果再次重定向到您提供的 URL，因此 AJAX 在那里没有多大意义.

OAuth2 auth endpoint doesn't support AJAX by design. It's an entry point to the authentication system, so you must get there by redirect. The result of the authentication is again a redirect to the URL you provide, so AJAX doesn't make much sense there.

这篇关于对 oauth2 访问令牌发出 Ajax 请求时出现 CORS 问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！