CORS issue while making an Ajax request for oauth2 access token

Question 1

I am making an ajax call from my client to the google oauth 2 API 'https://accounts.google.com/o/oauth2/auth?redirect_uri=http://blah.com&response_type=token&client_id....' to get the access token, but i get following error:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://blah-blah.com' is therefore not allowed access

I want the call to be ajax so that the user is not disturbed when the call is made through url or window.location.href or in other words, how can i get the access token such that the whole page does not load, and is it possible to resolve the above error???

Question 2

OAuth2 auth endpoint doesn't support AJAX by design. It's an entry point to the authentication system, so you must get there by redirect. The result of the authentication is again a redirect to the URL you provide, so AJAX doesn't make much sense there.

Question 3

Thanks for the explanation @Ján Halasa. I'm just wondering: if my front-end is a SPA (e.g., Angular). How can I send back a JWT token after he has authenticated using Google, since it is now a redirect rather than a plain get request call where a client can obtain data directly back.

Question 4

@Moody have you solved this question regarding sending back the JWT on a SPA?

Question 5

@LuisMendes535 With OAuth2 questions it's good specify a full context - what flow/grant you want to use (code, implicit, hybrid) and what token (access, ID, refresh) you want to use for what purpose. JWT is just a format. I would suggest you to take a look at the OAuth 2.0 for Browser-Based Apps document, which will probably answer your questions.

Question 6

@LuisMendes535 Yes - Check this out: stackoverflow.com/questions/49887018/…

Question 7

I've been struggling SO hard with this, this lead me in the right direction🙏. Thanks!

Ján Halaša Ján Halaša 8,4961 gold badge40 silver badges37 bronze badges · Accepted Answer · 2017-04-07 11:10:39Z

11

OAuth2 auth endpoint doesn't support AJAX by design. It's an entry point to the authentication system, so you must get there by redirect. The result of the authentication is again a redirect to the URL you provide, so AJAX doesn't make much sense there.

Share

Improve this answer

answered Apr 7, 2017 at 11:10

Ján Halaša's user avatar

Ján Halaša Ján Halaša

8,4961 gold badge40 silver badges37 bronze badges

Sign up to request clarification or add additional context in comments.

5 Comments

Moody

Moody Over a year ago

Thanks for the explanation @Ján Halasa. I'm just wondering: if my front-end is a SPA (e.g., Angular). How can I send back a JWT token after he has authenticated using Google, since it is now a redirect rather than a plain get request call where a client can obtain data directly back.

2018年04月17日T22:13:13.147Z+00:00

LuisMendes535

LuisMendes535 Over a year ago

@Moody have you solved this question regarding sending back the JWT on a SPA?

2019年12月04日T14:30:51.993Z+00:00

Ján Halaša

Ján Halaša Over a year ago

@LuisMendes535 With OAuth2 questions it's good specify a full context - what flow/grant you want to use (code, implicit, hybrid) and what token (access, ID, refresh) you want to use for what purpose. JWT is just a format. I would suggest you to take a look at the OAuth 2.0 for Browser-Based Apps document, which will probably answer your questions.

2019年12月04日T19:08:27.64Z+00:00

Moody

Moody Over a year ago

@LuisMendes535 Yes - Check this out: stackoverflow.com/questions/49887018/…

2019年12月06日T19:40:50.483Z+00:00

iMe

iMe Over a year ago

I've been struggling SO hard with this, this lead me in the right direction🙏. Thanks!

2022年10月23日T14:21:36.14Z+00:00

CollectivesTM on Stack Overflow

CORS issue while making an Ajax request for oauth2 access token

1 Answer 1

5 Comments

Your Answer

Sign up or log in

Post as a guest

Post as a guest

Linked

Hot Network Questions

CollectivesTM on Stack Overflow

1 Answer 1

5 Comments

Your Answer

Sign up or log in

Post as a guest

Post as a guest

Linked

Related