Getting Azure active directory token javascript

Question

I am trying to get AAD oauth 2.0 token by sending a post request but always getting the following error.(Please note using similar code in C# works perfectly and also using fiddler/postman)

Origin http://localhost:24310 not found in Access-Control-Allow-Origin header

  function CallAAD()
        {               
            var settings = {
                "async": true,
                "crossDomain": true,
                "url": "https://login.microsoftonline.com/saurabhpersonalad.onmicrosoft.com/oauth2/token",
                "method": "POST",
                "headers": {
                    "content-type": "application/x-www-form-urlencoded",
                    "cache-control": "no-cache",                  
                    "Access-Control-Allow-Origin":"*"
                },
                "data": {
                    "grant_type": "client_credentials",
                    "client_id": "18cff243-e5f1-4e6e-9432-1790724eeb50",
                    "client_secret": "aUoWP9tNSDXblVvn/blmFkJtGyo8HM+YIb4JeIipdL8=",
                    "resource": "https://saurabhpersonalad.onmicrosoft.com/WebApplication6"
                }
            }

            $.support.cors = true;

            $.ajax(settings).done(function (response) {
                debugger;
                alert(response);
            });

Where is this code intended to run? On the client side (e.g. in a browser)? — Philippe Signoret, Dec 05 '16 at 17:42
You should never put the client secret in the front-end. There are flows designed for Single-Page JavaScript applications. — juunas, Dec 05 '16 at 17:52

score 1 · Answer 1 · edited May 23 '17 at 11:45

1

client_credentials grant_type as that grant_type is for confidential clients who can keep the client secrets secure whereas jQuery is meant for browser based public clients. You might want to use your web app's backend to make calls to the web api with the client credentials.

However, to get AAD oauth 2.0 token on broswer clients, we suggest you to use azure-activedirectory-library-for-js which is a library in javascript for frontend to integrate AAD with a ease. You can refer to No 'Access-Control-Allow-Origin' header with Microsoft Online Auth for details.

edited May 23 '17 at 11:45

Community

1
1

answered Dec 06 '16 at 02:51

Gary Liu

13,758
1
17
32

So do you mean User would be redirected to login page if I want to do it from jquery? – Charu Dec 06 '16 at 06:11
Yes, you are right. Usually, `client_credentials` grant_type is used in app only scenario. – Gary Liu Dec 06 '16 at 07:14
I am trying to access AAD resource from JS which is a web resource in CRM Dynamics online. IF I have registered CRM and the end resource in the same AAD, still user will need to login. Isn't there a way to login silently without promting the user. – Charu Dec 06 '16 at 09:18

Getting Azure active directory token javascript

1 Answers1

Linked