0

While using the refresh token to get an access token through office 365 REST api I made the following Jquery ajax request.

jQuery.ajax({
    url: "https://outlook.office365.com/common/oauth2/token",
    type: "post",
    headers:{
      "Content-Type":"application/x-www-form-urlencoded"
    },
    data: {
      grant_type: "refresh_token",
      refresh_token: access_data['refresh_token'],
      client_id: consumer_key,
      client_secret: consumer_secret,
      resource: "https://outlook.office365.com"
    },
    success: function(response){
      console.log(response)
    }
  })

I get the following error

XMLHttpRequest cannot load
https://outlook.office365.com/common/oauth2/token. 
No 'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost' is therefore not allowed access. 
The response had HTTP status code 404.

But I was able to make the same POST request in python through requests library using same refresh_token and client credentials and am unable to figure out why the same POST request does not work through jQuery. Any help on this issue is appreciated.

Thanks

SasiKiran
  • 9
  • 1
  • 6
  • I also tried making a POST on chrome browser using a chrome extension and am getting `404 (Not Found)` error – SasiKiran Jul 01 '15 at 07:37
  • JavaScript cannot make requests to third party domains, due to the [Same Origin Policy](http://en.wikipedia.org/wiki/Same-origin_policy), unless JSONP or CORS are used. In this case it appears they are not. You need to use a server-side proxy to make the request for you. – Rory McCrossan Jul 01 '15 at 07:38
  • What about HTTP status 404 not found? – SasiKiran Jul 01 '15 at 07:41
  • It's the same problem - if you note the last line of the error you posted above: `The response had HTTP status code 404.` – Rory McCrossan Jul 01 '15 at 07:41
  • Can you provide me with the correct way for making the above request? -Thanks – SasiKiran Jul 01 '15 at 07:45

3 Answers3

0

The http://outlook.office365.com resource supports CORS, so you shouldn't be running into this problem. I found this question on Stack Overflow and the accepted answer suggests that jQuery alters the request so that CORS doesn't work and that you need to edit the request headers before executing it.

Make sure your jQuery request has the correct header. Access-Control-Allow-Headers: x-requested-with

Community
  • 1
  • 1
Joe Martella
  • 722
  • 1
  • 8
  • 19
0

Once you uses CORS pls note that CORS uses implicit grant flow thus you will not get a refresh token. Have a look at http://www.cloudidentity.com/blog/2014/10/28/adal-javascript-and-angularjs-deep-dive/ to get more idea on implicit grant flow.

Deepak Singh
  • 1
0

If you're doing this from localhost, most browsers don't allow CORS from localhost. Look into finding the proper flags/configuration in your browser which enables CORS from localhost. Chrome has a few extensions and flags you can set.

laaksom
  • 2,050
  • 2
  • 18
  • 17