CORS issue with Google Oauth2 for server side webapps

by

When you use the Authorization code grant (OAuth2 for backend apps – &response_type=code), you must redirect the browser to the /auth endpoint – you cannot use XHR for that. The user will be redirected back after authentication.

After redirecting to the /auth endpoint, user needs to see in an address bar that the page is from Google (trusted source) and Google may need to do some more redirects in order to authenticate the user and present the consent page. So using XHR is not possible.

Update: For the third point, your backend API should return the HTTP 401 if the request doesn’t contain valid credentials (not HTTP 30x redirect as it does now). Then, your Angular application needs an HTTP error handler which redirects the browser on HTTP 401 response.

But if you want to keep the token in your Angular application, it’s better to use the Implicit grant, which is designed for applications running in a browser. Because using the Authorization code grant, your backend has the role of client (in OAuth2 scheme), but you want the Angular application to be the client (since it holds the token).

More Related Contents:

  1. How to create cross-domain request?
  2. No ‘Access-Control-Allow-Origin’ header in Angular 2 app
  3. How to make CORS-enabled HTTP requests in Angular 2?
  4. Enabling CORS on Azure Active Directory
  5. Access to XMLHttpRequest has been blocked origin ASP.NET CORE 2.2.0 / Angular 8 / signalr1.0.0 [(CORS Policy-Access-Control-Allow-Origin) failed]
  6. Access to fetch at https://accounts.google.com/o/oauth2/v2/auth has been blocked by CORS
  7. Response for preflight does not have HTTP ok status in angular
  8. i got this error when i use command ng new myprojectname to create new project in angular
  9. Dynamic tabs with user-click chosen components
  10. How do I pass data to Angular routed components?
  11. Angular 2 http.post() is not sending the request
  12. How can I get new selection in “select” in Angular 2?
  13. Location and HashLocationStrategy stopped working in beta.16
  14. Ionic 2 – global NavBar for the app
  15. Angular: How to correctly implement APP_INITIALIZER
  16. Angular 2 – 2 Way Binding with NgModel in NgFor
  17. Using multiple instances of the same service
  18. How to pass query parameters with a routerLink
  19. How to call component method from service? (angular2)
  20. Angular 2 ng2-bootstrap modal inside child component called from parent component
  21. Generic email validator
  22. formGroup expects a FormGroup instance
  23. Angular2 @Input to a property with get/set
  24. Angular 2: How to use JavaScript Date Object with NgModel two way binding
  25. Angular Material 2 DataTable Sorting with nested objects
  26. Angular 6.0 firebase hosting deploy not working
  27. What is the difference between “ng-bootstrap” and “ngx-bootstrap”?
  28. Disable Input fields in reactive form
  29. angular 6 warning for using formControlName and ngModel
  30. Angular 2 beta – Select not working (except in Chrome)

Leave a Comment