OAuth2访问原始错误

Question

I请求OAuth2服务器的authorization code。 我的目的是授权用户与我的微软应用程序。 Refered Document

我对GET呼叫尝试：

function httpGet(){ 
     var theUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id="client_id"&response_type=code&redirect_uri="redirect_uri"&response_mode=query&resource=https%3A%2F%2Fservice.contoso.com%2F&state=12345"; 

     var req = new XMLHttpRequest(); 
     req.open('GET', theUrl, true); 
     req.onreadystatechange = function() { 
      if (req.readyState === 4) { 
       if (req.status >= 200 && req.status < 400) { 
        console.log(req.responseText) 
       } else { 
        console.log("error") 
       } 
      } 
     }; 
     req.send(); 
    } 

但是这给下面的错误：

No 'Access-Control-Allow-Origin' header is present on the requested resource.

然后我加入req.setRequestHeader("Access-Control-Allow-Origin", "*");

，但它提供了以下错误：

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Answer 1

不使用我想出了解决方案的任何frontend谷歌库。

window.open("url") 

完成认证后，我得到了code从url params并将其发送backend和实现access token, refersh token.......etc,

Answer 2

要在JavaScript中集成AAD，我们建议您使用azure-activedirectory-library-for-js这是一个JavaScript前端的库，用于轻松集成AAD。

有2个选项，我们需要注意的，我们使用ADAL的JS面前：

• 根据在https://github.com/OfficeDev/O365-jQuery-CORS#step-6--run-the-sample节点：

  Note This sample will not work in Internet Explorer. Please use a different browser, such as Google Chrome. ADAL.js uses an iframe to get CORS API tokens for resources other than the SPA's own backend. These iframe requests require access to the browser's cookies to authenticate with Azure Active Directory. Unfortunately, cookies are not accessible to Internet Explorer when the app is running in localhost.

• 使您的Azure的AD应用程序的oauth2AllowImplicitFlow。详细步骤请参考https://crmdynamicsblog.wordpress.com/2016/03/17/response-type-token-is-not-enabled-for-the-application-2/。

下面是代码示例从微软收购图形访问令牌：

<script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.10/js/adal.min.js"></script> 

<body> 
<a href="#" onclick="login();">login</a> 
<a href="#" onclick="getToken()">access token</a> 
</body> 
<script type="text/javascript"> 
    var configOptions = { 
     tenant: "<tenant_id>", // Optional by default, it sends common 
     clientId: "<client_id>", 
     postLogoutRedirectUri: window.location.origin, 
    } 
    window.authContext = new AuthenticationContext(configOptions); 

    var isCallback = authContext.isCallback(window.location.hash); 
    authContext.handleWindowCallback(); 

    function getToken(){ 
     authContext.acquireToken("https://graph.microsoft.com",function(error, token){ 
      console.log(error); 
      console.log(token); 
     }) 
    } 
    function login(){ 
     authContext.login(); 
    } 
</script>