Failed to load openid-configuration. No 'Access-Control-Allow-Origin' header is present
Hi,
My identity provider does not allow loading a discovery document.
I am going to use your samples regarding configuration without discovery:
```typescript
export class AppComponent {
  constructor(private router: Router, private oauthService: OAuthService) {
    this.configureWithoutDiscovery();
  }

  private configureWithoutDiscovery() {
    this.oauthService.configure(noDiscoveryAuthConfig);
    this.oauthService.tokenValidationHandler = new NullValidationHandler();
    this.oauthService.tryLogin();
  }
}
```
But when I execute the code above, absolutely nothing happens in the console. No consent screen, no error. Nothing.
When I use `this.oauthService.loadDiscoveryDocumentAndLogin();` it works nicely on localhost, but when deploying to production I am told the error with No ‘Access-Control-Allow-Origin’ …
My `noDiscoveryAuthConfig` document is fully configured (skipping the JWKS section).
```typescript
export const noDiscoveryAuthConfig: AuthConfig = {
  clientId: 'aistoxt_ig_client',
  redirectUri: environment.pingIdentity.callbackURL,
  postLogoutRedirectUri: '',
  loginUrl: environment.pingIdentity.loginURL,
  scope: 'openid profile email',
  resource: '',
  rngUrl: '',
  oidc: true,
  requestAccessToken: true,
  options: null,
  issuer: environment.pingIdentity.issuer,
  clearHashAfterLogin: true,
  tokenEndpoint: environment.pingIdentity.tokenEndpointURL,
  userinfoEndpoint: environment.pingIdentity.userinfoEndpointURL,
  responseType: 'token',
  showDebugInformation: true,
  silentRefreshRedirectUri: environment.pingIdentity.silentRefreshRedirectUri,
  silentRefreshMessagePrefix: '',
  silentRefreshShowIFrame: false,
  silentRefreshTimeout: 20000,
  dummyClientSecret: null,
  requireHttps: 'remoteOnly',
  strictDiscoveryDocumentValidation: false,
  customQueryParams: {
    pfidpadapterid: 'OAuthAdapterCCDS',
  },
  silentRefreshIFrameName: 'angular-oauth-oidc-silent-refresh-iframe',
  timeoutFactor: 0.75,
  sessionCheckIntervall: 3000,
  sessionCheckIFrameName: 'angular-oauth-oidc-check-session-iframe',
  disableAtHashCheck: false,
  skipSubjectCheck: false,
};
```
Any clue?
Issue Analytics
- State:
- Created 5 years ago
- Comments:14 (8 by maintainers)
Top GitHub Comments
@jeroenheijmans thanks for pointing out the need for CORS. For sure this will help me give it another try in my “people problem” 😃 (you nailed it)
BTW: updated my last comment… Never wanted to be mad at you guys. Love the work you do. Really appreciate it!
@jeroenheijmans the arguments you mentioned seem to have been enough! 😃
Found out that our IT guys have a CORS setting for https://*.mycompany.com. If my SPA were hosted there it would have worked. BUT: my website is hosted under https://*.mycompany.azurewebsites.net. We did not have a CORS setting for this. The CORS rule will be applied - simple in the end.
This means we can close this issue. The library will do its job.
Solution: CORS rule has to be set in IdServer
I learned a lot on this one: I have focused on the workaround instead of the root cause. @jeroenheijmans you are the man! Thanks for pointing out the right direction.
cc: @MarcDrexler
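
The root cause described in the last comment, modelled as an added example (not code from the thread, the library, or the identity provider): a server-side CORS allow-list with wildcard host rules, plus the browser's check on the `Access-Control-Allow-Origin` header. The matcher semantics and the subdomains `portal` and `app` are assumptions; the host patterns are the ones named in the thread.

```javascript
// Added example: a minimal model of an IdP-side CORS allow-list and the
// browser-side check. The matcher is an assumption, not the IdP's real code.

// Convert one allow-list rule to an anchored, case-insensitive regex.
// "*" stands for one or more DNS labels; every other character is literal.
function ruleToRegex(rule) {
  const body = rule
    .split('*')
    .map((part) => part.replace(/[.+?^${}()|[\]\\]/g, '\\$&'))
    .join('[a-z0-9-]+(?:\\.[a-z0-9-]+)*');
  return new RegExp('^' + body + '$', 'i');
}

// Server side: echo the Origin back only when a rule matches, else send no header.
function allowOriginHeader(origin, rules) {
  return rules.some((rule) => ruleToRegex(rule).test(origin)) ? origin : null;
}

// Browser side: a cross-origin response is readable only if the header is "*"
// or equals the page's origin exactly.
function browserAllowsRead(origin, headerValue) {
  return headerValue === '*' || headerValue === origin;
}

// End to end: may script running on `origin` read the discovery document?
function canLoadDiscovery(origin, rules) {
  return browserAllowsRead(origin, allowOriginHeader(origin, rules));
}

// Constructed sample data: host patterns follow the thread; "portal" is a
// hypothetical subdomain and the lookalike host is made up for the check.
const spaOrigin = 'https://portal.mycompany.azurewebsites.net';
const rulesBefore = ['https://*.mycompany.com'];
const rulesAfter = [...rulesBefore, spaOrigin];

console.log('before fix:', canLoadDiscovery(spaOrigin, rulesBefore));
console.log('after fix: ', canLoadDiscovery(spaOrigin, rulesAfter));
console.log('lookalike: ', canLoadDiscovery('https://mycompany.com.lookalike.example', rulesAfter));
```

Anchoring the pattern and escaping the dots is what keeps a rule such as `https://*.mycompany.com` from also admitting hosts that merely contain that string.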