发表新帖
发表新帖

LinkedIn OAuth redirect login returning “No 'Access-Control-Allow-Origin' header is present on the requested resource” error

后端 未结
关注
2 2034
天涯浪人
天涯浪人 2020-12-11 02:12

I\'m currently implementing OAuth login with LinkedIn in my React and Play app and am running into a CORS error when trying to redirect to the authorization page in my dev e

2条回答
  • 刺人心
    刺人心 (楼主)
    2020-12-11 02:42

    https://www.linkedin.com/oauth/v2/authorization responses apparently don’t include the Access-Control-Allow-Origin response header, and because they do not, your browser blocks your frontend JavaScript code from accessing the responses.

    There are no changes you can make to your own frontend JavaScript code nor backend config settings that’ll allow your frontend JavaScript code to make requests the way you’re trying directly to https://www.linkedin.com/oauth/v2/authorization and get responses back successfully.

    https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS explains in more detail but the gist of it is that for CORS, the server the request is being sent to must be configured to send the Access-Control-Allow-Origin response header, nor your own backend server.

    2019-05-30 update

    The current state of things seems to be that when needing to do LinkedIn authorization, you’ll have to initiate the request from your backend code. There’s no way you can do it from your frontend code, because LinkedIn no longer provides any support for it at all.

    LinkedIn did previously provide some support for handling it from frontend code. But the page that documented it, https://developer.linkedin.com/docs/getting-started-js-sdk, now has this notice:

    The JavaScript SDK is not currently supported

    And https://engineering.linkedin.com/blog/2018/12/developer-program-updates has this:

    Our JavaScript and Mobile Software Development Kits (SDKs) will stop working. Developers will need to migrate to using OAuth 2.0 directly from their apps.

    So the remainder of this answer (from 2017-06-13, almost 2 years ago, at the time of this update) has now become obsolete. But it’s preserved below for the sake of keeping the history complete.

    2017-06-13 details, now obsoleted

    Anyway https://developer.linkedin.com/docs/getting-started-js-sdk has official docs that explain how to request authorization for a user cross-origin, which appears to be just this:

    And https://developer.linkedin.com/docs/signin-with-linkedin has other docs that another auth flow:

    0 讨论(0)
 看不清?
提交回复
热议问题