6

I am making an ajax call from my client to the google oauth 2 API 'https://accounts.google.com/o/oauth2/auth?redirect_uri=http://blah.com&response_type=token&client_id....' to get the access token, but i get following error:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://blah-blah.com' is therefore not allowed access

I want the call to be ajax so that the user is not disturbed when the call is made through url or window.location.href or in other words, how can i get the access token such that the whole page does not load, and is it possible to resolve the above error???

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
clint
  • 1,786
  • 4
  • 34
  • 60

1 Answers1

10

OAuth2 auth endpoint doesn't support AJAX by design. It's an entry point to the authentication system, so you must get there by redirect. The result of the authentication is again a redirect to the URL you provide, so AJAX doesn't make much sense there.

Ján Halaša
  • 8,167
  • 1
  • 36
  • 36
  • 2
    Thanks for the explanation @Ján Halasa. I'm just wondering: if my front-end is a SPA (e.g., Angular). How can I send back a JWT token after he has authenticated using Google, since it is now a redirect rather than a plain `get` request call where a client can obtain data directly back. – Moody Apr 17 '18 at 22:13
  • @Moody have you solved this question regarding sending back the JWT on a SPA? – LuisMendes535 Dec 04 '19 at 14:30
  • @LuisMendes535 With OAuth2 questions it's good specify a full context - what flow/grant you want to use (code, implicit, hybrid) and what token (access, ID, refresh) you want to use for what purpose. JWT is just a format. I would suggest you to take a look at the [OAuth 2.0 for Browser-Based Apps](https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps-04) document, which will probably answer your questions. – Ján Halaša Dec 04 '19 at 19:08
  • @LuisMendes535 Yes - Check this out: https://stackoverflow.com/questions/49887018/angular-express-passport-authenticating-with-google-no-access-control-allow – Moody Dec 06 '19 at 19:40
  • I've been struggling SO hard with this, this lead me in the right direction. Thanks! – iMe Oct 23 '22 at 14:21