Unable to authenticate using the client_credentials grant_type

[jeremywhittington]

We are getting a CORS error when trying to authenticate against the token authorization endpoint. We are able to authenticate using the password grant type.

Access to XMLHttpRequest at 'http://X.X.X.X/authorizationserver/token' from origin 'http://our.website/path' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Code:

function getAuthToken() {
    var enterpriseip = $("#enterpriseip").val();
    var miccAuthServerPath = "http://${enterpriseip}/authorizationserver"
    var bearerToken = "";

    $.ajax({
        type: "POST",
        url: "${miccAuthServerPath}/token",
        data: "grant_type=client_credentials&client_id=<CLIENTID>&client_secret=<CLIENTSECRET>",
        headers: {
            "Content-Type": "application/x-www-form-urlencoded"
        }
        }).done(function (data) {
                console.log("Login success.  Received data:  ", data);
                bearerToken = data.access_token; 
        });
}

[maurosollar]

Hi,

For Windows Server run Internet Information Services (IIS) Manager: InetMgr.exe

Start Page Server Sites Default Web Site <--- Click here

After double click at icone "HTTP Response Headers"

And add this item: Name: Access-Control-Allow-Origin Value: *

Restart your IIS and Ready, can be accessed normally without CORS error.