I am trying to implement an OAuth Authorization Server, but I am confused about how the Authorization Code redirection should work.
The OAuth Client redirects my user to my login page, where they will enter their credentials and, if successful, my frontend will move them to an authorize page where, on clicking the Authorize button, my frontend calls my backend /authorize endpoint. If the request is validated, my backend sends a 302 Found response with a Location header containing the redirect URL provided by the OAuth Client along with my authorization code.
Now I am confused about what happens at this point. I am getting a CORS error at my frontend, and the OAuth Client is getting a preflight OPTIONS request at their provided redirect URL.
How does the redirection to the OAuth Client URL work? Does the browser redirect by itself to the new page? Does my frontend need to write the code to redirect here? Why is the CORS issue coming? The Access-Control-Allow-Origin is set to *.
1 Answer
The response from the OAuth server can contain an HTML page that auto-submits the data back to the client via the browser. As shown in the picture taken from one of my training classes below:
This may vary depending on the OAuth server. My example is from Duende IdentityServer. In your case it might try to do an Ajax call to do this postback.
Basically, this is a clever way for the auth server to ask the browser to post a request to the client. Use a tool like Fiddler to explore the requests made by the browser.
Tags: http redirect - How does Redirection work in Oauth Authorization Code Flow - Stack Overflow
document.location. It's not an API you call with fetch – Evert Commented Feb 12 at 2:15
Location headers or have CORS issues because they are simple redirects. – Evert Commented Feb 12 at 20:32
/authorize endpoint. You need to actually send the user to that location, not use fetch(). – Evert Commented Feb 13 at 18:25
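The redirect the comments above describe, as an added example that is not part of the original question, answer or comments: the frontend navigates to /authorize instead of calling fetch(), and the backend answers with a 302 only for a registered redirect_uri. The client id, the as.example and client.example URLs, the in-memory registry and the function names are assumptions made for illustration.

```javascript
// Constructed registry: redirect URIs are matched by exact string comparison.
const CLIENTS = new Map([
  ['demo-client', { redirectUris: ['https://client.example/callback'] }],
]);

// Frontend: build the URL the browser navigates to when "Authorize" is clicked.
function buildAuthorizeUrl(base, { clientId, redirectUri, state }) {
  const url = new URL(base);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    state,
  }).toString();
  return url.toString();
}

// In the page, use a top-level navigation so the browser itself follows the 302:
//   window.location.assign(buildAuthorizeUrl('https://as.example/authorize', {...}));
// A fetch() to /authorize would follow the redirect as a cross-origin request
// instead, which is subject to CORS at the client's redirect URL.

// Backend: compute the /authorize response for an already-authenticated user.
// issueCode is injectable; the default needs a runtime with global Web Crypto.
function authorizeResponse(query, issueCode = () => globalThis.crypto.randomUUID()) {
  const client = CLIENTS.get(query.client_id);
  // Unknown client or unregistered redirect_uri: answer directly, never redirect.
  if (!client || !client.redirectUris.includes(query.redirect_uri)) {
    return { status: 400, headers: {}, body: 'invalid client_id or redirect_uri' };
  }
  const target = new URL(query.redirect_uri);
  if (query.response_type === 'code') {
    target.searchParams.set('code', issueCode());
  } else {
    target.searchParams.set('error', 'unsupported_response_type');
  }
  // Echo state unchanged so the client can match the response to its request.
  if (query.state) target.searchParams.set('state', query.state);
  return { status: 302, headers: { Location: target.toString() }, body: '' };
}
```

The 400 branch matters for an authorization server: redirecting to a redirect_uri that was never registered would hand the authorization code to whoever supplied that URL.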