OneDrive / onedrive-sdk-csharp

OneDrive SDK for C#! https://dev.onedrive.com

OneDrive oAuth token request gets CORS error #145

Closed gp-slick-coder closed 8 years ago

gp-slick-coder commented 8 years ago

Hello,

I'm trying to implement JavaScript authentication in my UWP app, and now I have the exact same problem with this POST request: http://stackoverflow.com/questions/29425390/onedrive-oauth-token-request-gets-cors-error

Any solution to this?

Thanks.

cdmayer commented 8 years ago

Can you post the code you're using please?

gp-slick-coder commented 8 years ago

Hi Chris, sure,

    protected getAuthTokenContent(): string {
        // Build the application/x-www-form-urlencoded body for the token request.
        // Every value is URL-encoded so reserved characters cannot break the body.
        let params =
            "client_id=" + encodeURIComponent(this.appInfo.clientId) +
            "&redirect_uri=" + encodeURIComponent(this.appInfo.redirectUri) +
            "&client_secret=" + encodeURIComponent("AXVa1...") +
            "&code=" + encodeURIComponent(this.authorizationCode) +
            "&grant_type=authorization_code"
        return params
        // returns: "client_id=000...&redirect_uri=https%3A%2F%2Flogin.live.com%2Foauth20_desktop.srf&client_secret=AXV...&code=M00...&grant_type=authorization_code"
    }

    login(): Promise<any> {
        return this.startAuthorization(this.appInfo).then(() => {
            let url = "https://login.live.com/oauth20_token.srf"
            let content = this.getAuthTokenContent()
            console.log("Content: " + content);        
            $.ajax(url, {
                method: "POST",
                contentType: "application/x-www-form-urlencoded",
                data: content
            }).done(d => {
                console.log("Token response:");
                console.log(d)
            }).fail(d => {
                console.log(d)
            })
        })
    }

cdmayer commented 8 years ago

At first glance it seems like it should be working. One thing you may need to double-check: your redirectUri must match the domain from which you send the request. That is indicated in the OAuth section of the OneDrive API docs.

Have you tried running the same request with a web debugger like Fiddler? It can be helpful to narrow down the source of an issue when the Console isn't enough.

gp-slick-coder commented 8 years ago

The request is working in Fiddler:

    HTTP/1.1 400 Bad Request
    Cache-Control: no-store
    Pragma: no-cache
    Content-Length: 127
    Content-Type: application/json
    Server: Microsoft-IIS/8.5
    X-WLID-Error: 0x800482B8
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000
    X-XSS-Protection: 1; mode=block
    Date: Wed, 03 Aug 2016 09:40:13 GMT
    Connection: close

    {"error":"invalid_grant","error_description":"The provided value for the 'code' parameter is not valid. The code has expired."}

It does not work in the browser:

    XMLHttpRequest cannot load https://login.live.com/oauth20_token.srf. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access. The response had HTTP status code 400.
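Why Fiddler shows the 400 response while the browser reports a CORS failure, as an added example that is not part of the original thread: a simplified model of the response-side CORS check (no preflight handling) run over a trimmed copy of the headers quoted above. The function names are hypothetical and chosen for illustration.

```javascript
// Added example: simplified model of the browser's response-side CORS check.
// Sample input: trimmed copy of the token endpoint response quoted in the thread.
const FIDDLER_RESPONSE = [
  "HTTP/1.1 400 Bad Request",
  "Cache-Control: no-store",
  "Content-Type: application/json",
  "X-WLID-Error: 0x800482B8",
  "",
  '{"error":"invalid_grant"}',
].join("\r\n");

// Parse the head of a raw HTTP response into a status code and header map.
function parseResponseHead(raw) {
  const [head] = raw.split("\r\n\r\n");
  const [statusLine, ...headerLines] = head.split("\r\n");
  const headers = new Map();
  for (const line of headerLines) {
    const idx = line.indexOf(":");
    if (idx > 0) {
      headers.set(line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim());
    }
  }
  return { status: Number(statusLine.split(" ")[1]), headers };
}

// Decide whether script running at `origin` may read the response.
// A proxy such as Fiddler never applies this check, so it always sees the body.
function corsAllowsRead(raw, origin, withCredentials = false) {
  const { status, headers } = parseResponseHead(raw);
  const acao = headers.get("access-control-allow-origin");
  const deny = (reason) => ({ readable: false, status, reason });
  if (acao === undefined) return deny("no Access-Control-Allow-Origin header");
  if (acao === "*") {
    return withCredentials
      ? deny("wildcard origin is not accepted for credentialed requests")
      : { readable: true, status, reason: "wildcard origin" };
  }
  if (acao !== origin) return deny("allowed origin does not match " + origin);
  if (withCredentials && headers.get("access-control-allow-credentials") !== "true") {
    return deny("credentials not allowed");
  }
  return { readable: true, status, reason: "origin allowed" };
}

// The server answered with 400, but the page at localhost:9000 may not read it.
console.log(corsAllowsRead(FIDDLER_RESPONSE, "http://localhost:9000"));
```

The server processed the request either way; only the browser refuses to hand the response to the page, which is why moving the token exchange out of page script avoids the error.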

cdmayer commented 8 years ago

Rather than using the "code" flow, try using the "token" flow. The downside is you won't be able to use refresh_tokens, but you should be able to authenticate without CORS.

gp-slick-coder commented 8 years ago

It is not possible to use 'wl.offline_access' on JavaScript UWP Apps with the 'token flow'.

cdmayer commented 8 years ago

You can see more about OAuth using JavaScript in the token flow here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/

cdmayer commented 8 years ago

Additionally, remember that the C# SDK was not written with a JavaScript UWP app in mind.

gp-slick-coder commented 8 years ago

Hi Chris,

At least I have a workaround for JS UWP apps. I create a C# runtime component and do the POST request there.

But this problem will hit me on iOS and Android again. So if you know where to address this issue properly, please let me know.

Thanks, George

cdmayer commented 8 years ago

For iOS and Android you should be using the respective SDKs: https://github.com/OneDrive/onedrive-sdk-ios and https://github.com/OneDrive/onedrive-sdk-android