IdentityModel / oidc-client-js

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
Apache License 2.0

cors error #1301

Closed rklippenberg closed 3 years ago

rklippenberg commented 3 years ago

Hi,

I am using oidc-client version 1.10.1. After the 27th of January 2021 I keep getting this error after building and releasing my on-prem application via Azure DevOps (.NET Core 3.1 web application with a SPA on top written in React):

Access to XMLHttpRequest at 'https://xxxxxxxxxx/adfs/.well-known/openid-configuration' from origin 'https://xxxxxxxxxx:8181' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

We are using ADFS 2016 to auth against Active Directory. Chrome and Edge are reporting the same error.

I have tried almost everything to resolve this issue: adding a proxy in the frontend, adding CORS in the .NET Core pipeline at the backend, adding allow cross origin with a wildcard directly in a meta tag, intercepting the response header, etc. I even did a hard reset on my branch to redeploy the last successful build. But with no luck. Same error.

This is my config (which has not been changed in any way):

```js
getConfiguration() {
  // Send oidc-client's log output to the browser console at debug level
  Oidc.Log.logger = window.console;
  Oidc.Log.level = Oidc.Log.DEBUG;

  return {
    authority: REACT_APP_ADFS_IDENTITY_PROVIDER_URL,
    client_id: REACT_APP_ADFS_IDENTITY_PROVIDER_CLIENT_ID,
    redirect_uri: `${REACT_APP_HOST_URL}/oidc`,
    post_logout_redirect_uri: `${REACT_APP_HOST_URL}`,
    response_type: 'id_token token',
    loadUserInfo: false,
    scope: REACT_APP_ADFS_IDENTIY_SCOPE,
    revokeAccessTokenOnSignout: true,
    // Statically supplied provider metadata
    metadata: {
      issuer: REACT_APP_ADFS_IDENTITY_PROVIDER_URL,
      authorization_endpoint: `${REACT_APP_ADFS_IDENTITY_PROVIDER_URL}/oauth2/authorize/`,
      token_endpoint: `${REACT_APP_ADFS_IDENTITY_PROVIDER_URL}/oauth2/token/`,
      userinfo_endpoint: `${REACT_APP_ADFS_IDENTITY_PROVIDER_URL}/userinfo`,
      end_session_endpoint: `${REACT_APP_ADFS_IDENTITY_PROVIDER_URL}/oauth2/logout`,
      jwks_uri: REACT_APP_ADFS_IDENTIY_JKWS_URI
    }
  };
}
```

Need help :) I do not know if this is an oidc-client issue, but the network tab in dev tools for Chrome reports this: `openid-configuration CORS error xhr oidc-client.min.js:758`

Thanks!

brockallen commented 3 years ago

> I do not know if this is an oidc-client issue

It's not.

> Access to XMLHttpRequest at 'https://xxxxxxxxxx/adfs/.well-known/openid-configuration' from origin 'https://xxxxxxxxxx:8181' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

You need to enable CORS on your IdP server to allow your SPA origin. If it doesn't allow that, then you're out of luck.
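The check the browser applies to the discovery request can be modelled offline. The following is an added example, not code from this thread or from oidc-client; the function names, hostnames and header sets are constructed for illustration. It shows why a SPA served from port 8181 is a different origin from the IdP and which response headers would let the read succeed.

```javascript
// Added example: models the browser's CORS check for the discovery GET.
// Hostnames and header sets below are constructed, not taken from the issue.

// Serialized origin (scheme + host + non-default port) of a URL.
function originOf(url) {
  return new URL(url).origin;
}

// Decide whether script running on `pageOrigin` may read the response to a
// GET of `requestUrl`, given the response headers the server sent.
function corsDecision(pageOrigin, requestUrl, responseHeaders, withCredentials = false) {
  if (originOf(requestUrl) === pageOrigin) {
    return { allowed: true, reason: 'same-origin' };
  }
  // Header names are case-insensitive.
  const headers = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    headers[name.toLowerCase()] = String(value).trim();
  }
  const acao = headers['access-control-allow-origin'];
  if (acao === undefined || acao === '') {
    return { allowed: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  if (acao === '*') {
    return withCredentials
      ? { allowed: false, reason: 'wildcard not accepted for credentialed requests' }
      : { allowed: true, reason: 'wildcard' };
  }
  if (acao !== pageOrigin) {
    return { allowed: false, reason: 'Access-Control-Allow-Origin does not match page origin' };
  }
  if (withCredentials && headers['access-control-allow-credentials'] !== 'true') {
    return { allowed: false, reason: 'missing Access-Control-Allow-Credentials: true' };
  }
  return { allowed: true, reason: 'origin match' };
}

// Constructed scenario mirroring the report: SPA on port 8181, IdP on 443.
const spa = 'https://app.example.test:8181';
const discovery = 'https://app.example.test/adfs/.well-known/openid-configuration';
const cases = {
  noHeader: corsDecision(spa, discovery, { 'Content-Type': 'application/json' }),
  exact: corsDecision(spa, discovery, { 'Access-Control-Allow-Origin': spa }),
  wrongPort: corsDecision(spa, discovery, { 'Access-Control-Allow-Origin': 'https://app.example.test' }),
};
console.log(cases);
```

The header must be sent by the server that answers the discovery request; nothing set in the SPA's own page or backend changes the outcome of this check.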

rklippenberg commented 3 years ago

No worries. We had react-scripts version 2.1.8. Upgraded to 4.0.2. CORS error gone!