Question
I need to get the authorization token to access my app running on localhost. I query the AAD token endpoint for the token from the Swagger OAuth2 client in UseSwaggerUi3. I get a CORS error saying that the endpoint does not allow cross-origin requests from my localhost. How can I fix this?
[Edit] I'm able to get the token if I send a POST request to the same endpoint using Fiddler.
Answer 1:
You can't use the client credentials flow from the front-end. Firstly, because your secret is visible to anyone who sees the page.
Secondly, because Azure AD blocks cross-origin requests to its token endpoint (as you saw).
You need to use authorization code or implicit flow with user context. Or build another API which gets the token in the back-end and calls the other API with it.
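The back-end option from Answer 1, as an added example that is not part of the original answers: a server-side helper that performs the client-credentials request itself and caches the token, so the secret never reaches the browser and no cross-origin call to the token endpoint is made. The class name `AadTokenProvider`, the choice of the v2.0 token endpoint and the scope placeholder are assumptions, not details from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical helper for the back-end API: only this process holds the client secret.
public sealed class AadTokenProvider
{
    private readonly HttpClient _http;
    private readonly string _tokenUrl, _clientId, _clientSecret, _scope;
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    private string _token;
    private DateTimeOffset _expiresAt = DateTimeOffset.MinValue;

    // clientSecret must come from server-side configuration, never from page script.
    // scope is a placeholder such as "api://<downstream-app-id>/.default".
    public AadTokenProvider(HttpClient http, string tenantId, string clientId,
                            string clientSecret, string scope)
    {
        (_http, _clientId, _clientSecret, _scope) = (http, clientId, clientSecret, scope);
        // Assumption: v2.0 endpoint; the question does not say which version it called.
        _tokenUrl = $"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token";
    }

    public async Task<string> GetTokenAsync(CancellationToken ct = default)
    {
        await _gate.WaitAsync(ct);   // serialize refreshes across concurrent requests
        try
        {
            // Reuse the cached token until one minute before it expires.
            if (_token != null && DateTimeOffset.UtcNow < _expiresAt.AddMinutes(-1))
                return _token;
            var form = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "client_credentials",
                ["client_id"] = _clientId,
                ["client_secret"] = _clientSecret,
                ["scope"] = _scope,
            });
            using var response = await _http.PostAsync(_tokenUrl, form, ct);
            response.EnsureSuccessStatusCode();
            using var doc = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
            _token = doc.RootElement.GetProperty("access_token").GetString();
            _expiresAt = DateTimeOffset.UtcNow.AddSeconds(doc.RootElement.GetProperty("expires_in").GetInt32());
            return _token;
        }
        finally { _gate.Release(); }
    }
}
```

The back-end API attaches the returned token as a `Bearer` header on its own outgoing call to the protected API and does not hand the token or the secret back to the Swagger page.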
Answer 2:
CORS is the cross-origin resource; it allows two different web apps working on two different origins to communicate with each other. There are two ways to enable CORS:
1) Go to Azure - Web Apps - setting column search - CORS.
2) Add a new CORS header as "*", which means it will allow all the URLs that are requesting the web app; you can also provide one specific URL.
3) Save it.
4) The second approach is to allow the CORS header from your code in the web config headers.
Source: https://stackoverflow.com/questions/54337781/client-credentials-authorization-with-azure-active-directory-and-swagger