问题
I'm having an rest application which is written using spring framework and using spring oauth2 for security.. And whenever I'm calling this rest services from my Angular App , I'm getting a CORS error.. both applications are running on my local machine(localhost) but with different port(8080 for backend java and 3000 for frontend)..
I've added @crossorigin() in my controller of backend application and all the cross origin for resources APIs are fixed.. but for spring oauth2 authentication url(/oauth/token) this is happening always..
I've tried many ways , but it won't solved my issue.
Anyone please help me....
Thanks
回答1:
The token endpoint (/oauth/token) is supposed to be called from your application server side to get tokens in exchange of authorization grant code, so no CORS rules are applied there - no CORS headers needed (CORS rules are required just by browsers). If you want to get tokens to your Angular application, you should use OAuth2 implicit flow and refresh them using an iframe - so no CORS headers needed here either.
See https://tools.ietf.org/html/rfc6749 for OAuth2 grant types and http://openid.net/specs/openid-connect-session-1_0.html for OpenID Connect session management. Those RFCs are rather easy to read.
来源:https://stackoverflow.com/questions/43225969/oauth2-cross-origin-solution