Microsoft Dynamics 365 | Integration, Dataverse...

Cannot authenticate using javascript and oath2

(0) Share

Report

Posted on by Fedorov

I want to authenticate against the oath2/token url using code:

I have managed to do this using c# and httpClient object but when I want to do it using javascript I get the following error:

Access to XMLHttpRequest at 'login.microsoftonline.com/.../token' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource

I don't get why this error occurs. Both the c#-code and javascript code are running from my local dev-machine at this moment.

The javascript code is as follows:

(I tried using the "insert code" function for the code below but it just froze the window)

var clientId = "76549cbb-xxxx-xxxx-xxxx-5437229398b9";
var clientSecret = "-ZO8Q~r23Yr4N2e1TOUVvxxxxxxxxxxxxxxxx";
var tenantId = "b2a45cb3-xxxx-xxxx-xxxx-f125697c41e2";
var resource = "">xxxxxxxtest.api.crm4.dynamics.com";
var version = "9.2";
var webapiurl = `${resource}/api/data/${version}`;
var authurl = `login.microsoftonline.com/.../authorize`;
var microsoftTokenUrl = `login.microsoftonline.com/.../token`;
var grantType = "client_credentials";

$.support.cors = true;

function GetAuthroisationToken() {
var token = null;
$.ajax({
url: microsoftTokenUrl,
type: "POST",
contentType: "application/x-www-form-urlencoded",
crossDomain: true,
dataType: "json",
async: false,
data: {
resource: resource,
client_id: clientId,
client_secret: clientSecret,
grant_type: grantType,
},
beforeSend: function (XMLHttpRequest) {
XMLHttpRequest.setRequestHeader("Accept", "application/json");
},
success: function (data, textStatus, xhr) {
token = data.access_token;
},
error: function (xhr, textStatus, errorThrown) {
alert(errorThrown);
},
});

return token;
}

I have the same question (0)

All responses (5)

Answers (0)

Suggested answer

Community Member on at

Like (0)

Report

Hi Fedorov,

Are you creating a single page application to authenticate? If so, please refer to this doc:

Use OAuth with Cross-Origin Resource Sharing to connect a Single-Page Application (Microsoft Dataverse) - Power Apps | Microsoft Docs

Was this reply helpful? Yes No
Fedorov 40 on at

Like (0)

Report

Thanks for your reply.

I think your link is relevant but I don't have the skills to implement this apparently because it's examples are using an "import" command that throws some error:

"Cannot use import statement outside a module"

When googling the error it suggest using a "module" statement but I just can't get it to work. I'm just using a blank html-page with javascript inside. No NPM packages or anything...

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Hi Fedorov,

I'm afraid that blank html-page with javascript inside can't work. Could you tell us why you need to get token in the html? What do you want to achieve?

Was this reply helpful? Yes No
Fedorov 40 on at

Like (0)

Report

After having read up about oauth2 I now have come to the conclusion that it is not possible to obtain a token from login.microsoft due to browser security features in combination with the fact that I'm not in control of the login.microsoft server. Therefore I cannot tell the server to allow calls from this client with a specific address. ("allow origin").

The thing was that a 3rd party who have no experience with oath2 wanted to authenticate using javascript and I wanted to provide them an example of how to do it to help them.

The solution will instead be that they will create their own server which their client will call and then they will make a request from their server to obtain the token.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Hi Fedorov,

Thanks for sharing your solution.

Was this reply helpful? Yes No