VincentMontreal-7976 asked SaurabhSharma-msft commented

OAuth-openId: Can't call the /openid/userinfo. CORS policy problem

Hello

I have a single-page application that is registered in the Azure portal. I use a React library to make the code flow. I managed to get an access token with my code, but after that I try to call (with my accessToken) this endpoint:
https://login.microsoftonline.com/{:TenantID}/openid/userinfo but I get this error:
Access to XMLHttpRequest at 'https://login.microsoftonline.com/{:TenandId}/openid/userinfo' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Do you know how I can access this endpoint from http://localhost:3000 (for now, and later from my production URL)?
Thanks for your help,

Regards,
Vincent

azure-active-directory azure-ad-authentication-protocols

@VincentMontreal-7976 Have you tried adding allowed headers to 'Authorization' and 'Content-Type' in your code? Can you please provide the code snippet you are using?


Hello @SaurabhSoni-3099, the Authorization (with the accessToken) is set in the request headers. I can't show you a snippet of the code because this is a React library, but I can show you a screenshot of the call. Is there a way to verify in Azure that my app allows the CORS policy? 9677-call-openid-user-info.jpg

Regards,
Vincent



@VincentMontreal-7976 Are you using a v1 endpoint or a v2 endpoint to get the token? If you are using a v2 endpoint (https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize) then you need to call the https://graph.microsoft.com/oidc/userinfo endpoint with a Microsoft Graph scope to get the user info.
Please navigate to https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration to get the OpenID metadata. I also suggest you try to get the token and call the user info endpoint from Postman to validate your expected result.



1 Answer

amanpreetsingh-msft answered

Hello @VincentMontreal-7976

Add the crossorigin attribute to your <script> tags:

<script crossorigin src="..."></script>

Also ensure the response includes the Access-Control-Allow-Origin: * header.


Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.

