Skip to main content

Notifications

Announcements

Join us in the Community for an AMA: December 12th Register Today
News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / Cannot authenticate us...
Microsoft Dynamics 365 | Integration, Dataverse...
Suggested answer

Cannot authenticate using javascript and oath2

(0) ShareShare
ReportReport
Posted on by Fedorov 338

I want to authenticate against the oath2/token url using code:

login.microsoftonline.com/${tenantId}/oauth2/token
I have managed to do this using c# and httpClient object but when I want to do it using javascript I get the following error:
Access to XMLHttpRequest at 'login.microsoftonline.com/.../token' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
 
I don't get why this error occurs. Both the c#-code and javascript code are running from my local dev-machine at this moment.
The javascript code is as follows:
(I tried using the "insert code" function for the code below but it just froze the window)
var clientId = "76549cbb-xxxx-xxxx-xxxx-5437229398b9";
var clientSecret = "-ZO8Q~r23Yr4N2e1TOUVvxxxxxxxxxxxxxxxx";
var tenantId = "b2a45cb3-xxxx-xxxx-xxxx-f125697c41e2";
var resource = "">xxxxxxxtest.api.crm4.dynamics.com";
var version = "9.2";
var webapiurl = `${resource}/api/data/${version}`;
var authurl = `login.microsoftonline.com/.../authorize`;
var microsoftTokenUrl = `login.microsoftonline.com/.../token`;
var grantType = "client_credentials";

$.support.cors = true;

function GetAuthroisationToken() {
  var token = null;
  $.ajax({
    url: microsoftTokenUrl,
    type: "POST",
    contentType: "application/x-www-form-urlencoded",
    crossDomain: true,
    dataType: "json",
    async: false,
    data: {
    resource: resource,
    client_id: clientId,
    client_secret: clientSecret,
    grant_type: grantType,
  },
  beforeSend: function (XMLHttpRequest) {
    XMLHttpRequest.setRequestHeader("Accept", "application/json");
  },
  success: function (data, textStatus, xhr) {
    token = data.access_token;
  },
  error: function (xhr, textStatus, errorThrown) {
    alert(errorThrown);
  },
  });
 
  return token;
}
  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Cannot authenticate using javascript and oath2

    Hi Fedorov,

    Thanks for sharing your solution.

  • Fedorov Profile Picture
    Fedorov 338 on at
    RE: Cannot authenticate using javascript and oath2

    After having read up about oauth2 I now have come to the conclusion that it is not possible to obtain a token from login.microsoft due to browser security features in combination with the fact that I'm not in control of the login.microsoft server. Therefore I cannot tell the server to allow calls from this client with a specific address. ("allow origin").

    The thing was that a 3rd party who have no experience with oath2 wanted to authenticate using javascript and I wanted to provide them an example of how to do it to help them.

    The solution will instead be that they will create their own server which their client will call and then they will make a request from their server to obtain the token.

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Cannot authenticate using javascript and oath2

    Hi Fedorov,

    I'm afraid that blank html-page with javascript inside can't work. Could you tell us why you need to get token in the html? What do you want to achieve?

  • Fedorov Profile Picture
    Fedorov 338 on at
    RE: Cannot authenticate using javascript and oath2

    Thanks for your reply.

    I think your link is relevant but I don't have the skills to implement this apparently because it's examples are using an "import" command that throws some error:

    "Cannot use import statement outside a module"

    When googling the error it suggest using a "module" statement but I just can't get it to work. I'm just using a blank html-page with javascript inside. No NPM packages or anything...

  • Suggested answer
    Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Cannot authenticate using javascript and oath2

    Hi Fedorov,

    Are you creating a single page application to authenticate? If so, please refer to this doc:

    Use OAuth with Cross-Origin Resource Sharing to connect a Single-Page Application (Microsoft Dataverse) - Power Apps | Microsoft Docs

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join us in the Community for an AMA: December 12th Register Today

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Community AMA December 12th

Join us as we continue to demystify the Dynamics 365 Contact Center

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,240 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,149 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Get batch job history log from D365 FO to Power Automate

Product updates

Dynamics 365 release plans