CORS issue while getting token with Oauth 2.0 Client credential flow using just React?

Question

CORS issue while getting token with Oauth 2.0 Client credential flow using just React?

Dev 111

I am able to get the Bearer token from the postman.

https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token

client_id : <cient-id/app-id>,
scope : "https://graph.microsoft.com/.default",
client_secret:<client-secret>,
grant_type : "client_credentials"

Content-Type : "application/x-www-form-urlencoded"

but same thing when I am doing with React using Fetch() method it's giving me the CORS issue. I am using client_cerdentials flow using Oauth2.0.

Answer accepted by question author

1 additional answer

Your answer

Answer 1

Dev 111

It is not the flow or configuration that is causing the issue. The real issue is front-end or SPA. IF you want to call the API for getting token with client Credential flow,You must follow either of the two approaches that is a mandatory thing I guess.
1.Daemon Services
2.Server side Implementation
I have called the api with Node and with same configuration as mention in the docs its working fine now.
Thanks

Krishna Kondaveeti 1 Reputation point

2022-07-19T07:02:26.687+00:00

In my web application I am trying to consume MSGraph and we doesn't want to use login flow for this instead we wanted to use application id to fetch access token. But I tried using login.microsoft online.com ended up with cors issue. Please suggest the steps you followed to generate the access token.
Alaa Almouradi 0 Reputation points

2023-07-25T10:02:00.2+00:00

Hey would you mind sharing more details on the solution? What did you have to do?
Divyansh Kapoor 0 Reputation points

2024-06-21T21:07:05.0966667+00:00

found more details?

Answer 2

Danstan Onyango 3,911 Microsoft Employee

You are getting cors error because AAD rejects the request when you include Origin header while using client_credentials. To start with You are using the client_credentials flow the wrong way.
Consider reading through this guide on client credentials flow to help you understand why its preferred for server side / daemon applications.

To see the error just add Origin header to postman and do the request again.

Also read here to understand the oauth2 flows that you can use

For your case, you can use authorization code flow

Dhruvil Dave 6 Reputation points

2021-10-28T06:03:39.59+00:00

Hi @Anonymous
I am trying to use same flow in Powerapps PCF Component.

https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token

client_id : <client-id/app-id>,
resource : <resource>,
client_secret:<client-secret>,
grant_type : "client_credentials"

Content-Type : "application/x-www-form-urlencoded"

and this PCF component is embedded into a canvas app.
I can use grant_type=authorization_code but I have to add a redirect_uri and I don't want to add any redirection to my code.
Is there any way, I can get the access token and don't get any cors issues?
I want to acquire a token without a login popup if possible.

Error on local environment

Error in canvas app when i embed PCF solution on canvas app

Thanks
Danstan Onyango 3,911 Reputation points Microsoft Employee

2021-10-28T16:05:35.4+00:00

I suggest you open a new community question for your issue.
Dhruvil Dave 6 Reputation points

2021-10-28T16:06:44.683+00:00

Yes, I have opened a new question here.
https://learn.microsoft.com/en-us/answers/questions/607835/cors-issue-while-getting-token-with-oauth-20-clien-1.html

Share via

CORS issue while getting token with Oauth 2.0 Client credential flow using just React?

1 additional answer

Your answer