OAuth2訪問原始錯誤

Question

I請求OAuth2服務器的authorization code。 我的目的是授權用戶與我的微軟應用程序。 Refered Document

我對GET呼叫嘗試：

function httpGet(){ 
     var theUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id="client_id"&response_type=code&redirect_uri="redirect_uri"&response_mode=query&resource=https%3A%2F%2Fservice.contoso.com%2F&state=12345"; 

     var req = new XMLHttpRequest(); 
     req.open('GET', theUrl, true); 
     req.onreadystatechange = function() { 
      if (req.readyState === 4) { 
       if (req.status >= 200 && req.status < 400) { 
        console.log(req.responseText) 
       } else { 
        console.log("error") 
       } 
      } 
     }; 
     req.send(); 
    } 

但是這給下面的錯誤：

No 'Access-Control-Allow-Origin' header is present on the requested resource.

然後我加入req.setRequestHeader("Access-Control-Allow-Origin", "*");

，但它提供了以下錯誤：

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Answer 1

不使用我想出瞭解決方案的任何frontend谷歌庫。

window.open("url") 

完成認證後，我得到了code從url params並將其發送backend和實現access token, refersh token.......etc,

Answer 2

要在JavaScript中集成AAD，我們建議您使用azure-activedirectory-library-for-js這是一個JavaScript前端的庫，用於輕鬆集成AAD。

有2個選項，我們需要注意的，我們使用ADAL的JS面前：

• 根據在https://github.com/OfficeDev/O365-jQuery-CORS#step-6--run-the-sample節點：

  Note This sample will not work in Internet Explorer. Please use a different browser, such as Google Chrome. ADAL.js uses an iframe to get CORS API tokens for resources other than the SPA's own backend. These iframe requests require access to the browser's cookies to authenticate with Azure Active Directory. Unfortunately, cookies are not accessible to Internet Explorer when the app is running in localhost.

• 使您的Azure的AD應用程序的oauth2AllowImplicitFlow。詳細步驟請參考https://crmdynamicsblog.wordpress.com/2016/03/17/response-type-token-is-not-enabled-for-the-application-2/。

下面是代碼示例從微軟收購圖形訪問令牌：

<script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.10/js/adal.min.js"></script> 

<body> 
<a href="#" onclick="login();">login</a> 
<a href="#" onclick="getToken()">access token</a> 
</body> 
<script type="text/javascript"> 
    var configOptions = { 
     tenant: "<tenant_id>", // Optional by default, it sends common 
     clientId: "<client_id>", 
     postLogoutRedirectUri: window.location.origin, 
    } 
    window.authContext = new AuthenticationContext(configOptions); 

    var isCallback = authContext.isCallback(window.location.hash); 
    authContext.handleWindowCallback(); 

    function getToken(){ 
     authContext.acquireToken("https://graph.microsoft.com",function(error, token){ 
      console.log(error); 
      console.log(token); 
     }) 
    } 
    function login(){ 
     authContext.login(); 
    } 
</script>