Hi Shib, Have you enabled CORs for token endpoint? If not could you please enable CORs for token as in https://docs.wso2.com/display/AM210/Include+Additional+Headers+in+the+API+Console.
Last part of the document explains how to enable CORs for token endpoint and other Oauth2 APIs. Thank you! On Thu, Jun 28, 2018 at 12:41 PM shibsankar <[email protected]> wrote: > Any comments to this? > > For your convenience, I'm also attaching Chrome browser console > Network report for token API call > > Is there anything I'm missing? > > why I'm getting *Failed to > load http://xx-xx-xxx-xx-xx.xxxxxx.xxxxxx.xxxxxxxx.com:8280/token > <http://xx-xx-xxx-xx-xx.xxxxxx.xxxxxx.xxxxxxxx.com:8280/token>: Request > header field Access-Control-Allow-Methods is not allowed by > Access-Control-Allow-Headers in preflight response.* > > Is there anything missing? > > Regards > Shib > > > > On Thu, Jun 28, 2018 at 11:07 AM, shibsankar <[email protected]> wrote: > >> Okay. I did this step as per your suggestion >> >> >> *"...I think you have to explicitly set withCredentials atribute which is >> a client side attribute to false from your angular application .."* >> >> >> >> So my current code : >> >> *// from Angular Controller js* >> >> var dataObj=" >> grant_type=password&username=xxxxxxxxx&password=xxxxxxxxx&scope=openid"; >> >> Service.callTokenAPI(dataObj) >> .then(function onSuccess(response) { >> console.log("Success"); >> console.log("result #### = " + JSON.stringify(response)); >> }, function onFailure(error) { >> console.log("failure"); >> }); >> >> >> >> *//from Service.js* >> >> var callTokenAPI = function (dataObj) { >> console.log("Call server dataObj =" + angular.toJson(dataObj)); >> var secret=clientKey+":"+clientPass; >> var base64Encoded= btoa(secret); >> console.log("base64Encoded="+base64Encoded); >> return $http({ >> url: tokenAPI, >> method: 'POST', >> data: dataObj, >> *withCredentials:false,* >> headers: { "Content-Type": "application/x-www-form-urlencoded" >> ,"Authorization":base64Encoded} >> }); >> }; >> >> >> When I run my application I get the CORS error in Chrome *browser console >> *as below >> >> *Failed to load >> http://xx-xx-xxx-xx-xx.xxxxxx.xxxxxx.xxxxxxxx.com:8280/token >> <http://xx-xx-xxx-xx-xx.xxxxxx.xxxxxx.xxxxxxxx.com:8280/token>: Request >> header field Access-Control-Allow-Methods is not allowed by >> Access-Control-Allow-Headers in preflight response.* >> >> >> Configuration changes to enable CORS in wso2 server screenshots are >> attached. >> >> >> Is there anything I'm missing now? >> >> Regards >> Shib >> >> >> >> >> On Tue, Jun 26, 2018 at 5:51 PM, Ishara Cooray <[email protected]> wrote: >> >>> Hi Shib, >>> >>> Configuration changes to enable CORS in wso2 server seem to be correct. >>> >>> I think you have to explicitly set withCredentials atribute which is a >>> client side attribute to false from your >>> angular application or whitelist the origin in api-manager.xml without >>> using '*'. >>> >>> Please refer [1] >>> >>> [1] >>> https://stackoverflow.com/questions/42803394/cors-credentials-mode-is-include >>> >>> Thanks & Regards, >>> Ishara Cooray >>> Senior Software Engineer >>> Mobile : +9477 262 9512 >>> WSO2, Inc. | http://wso2.com/ >>> Lean . Enterprise . Middleware >>> >>> On Tue, Jun 26, 2018 at 12:30 PM, shibsankar <[email protected]> wrote: >>> >>>> I'm receiving CORS errors from WSO2 in Chrome browser console. >>>> >>>> >>>> Here is my angular application code & WSO2 CORS configuration >>>> screenshots attached. >>>> >>>> >>>> >>>> *// from Angular Controller js* >>>> >>>> var dataObj=" >>>> grant_type=password&username=xxxxxxxxx&password=xxxxxxxxx&scope=openid >>>> "; >>>> >>>> Service.callTokenAPI(dataObj) >>>> .then(function onSuccess(response) { >>>> console.log("Success"); >>>> console.log("result #### = " + JSON.stringify(response)); >>>> }, function onFailure(error) { >>>> console.log("failure"); >>>> }); >>>> >>>> >>>> >>>> *//from Service.js* >>>> >>>> var callTokenAPI = function (dataObj) { >>>> console.log("Call server dataObj =" + angular.toJson(dataObj)); >>>> var secret=clientKey+":"+clientPass; >>>> var base64Encoded= btoa(secret); >>>> console.log("base64Encoded="+base64Encoded); >>>> return $http({ >>>> url: tokenAPI, >>>> method: 'POST', >>>> data: dataObj, >>>> headers: { "Content-Type": "application/x-www-form-urlencoded" >>>> ,"Authorization":base64Encoded} >>>> }); >>>> }; >>>> >>>> >>>> When I run my application I get the CORS error as below attached. >>>> >>>> *CORS Error in Chrome Browser Console :* >>>> >>>> >>>> >>>> >>>> >>>> >>>> I have the CORS config settings in these mentioned files* >>>> (screenshot attached)* >>>> *api-manager.xml* >>>> *_tokenapi_.xml* >>>> *-revokeapi_.xml* >>>> >>>> >>>> I'm still receiving CORS errors from WSO2. >>>> >>>> Is there anything I'm missing? >>>> >>>> Regards >>>> Shib >>>> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >> > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- *Pubudu Gunatilaka* Committer and PMC Member - Apache Stratos Senior Software Engineer WSO2, Inc.: http://wso2.com mobile : +94774078049 <javascript:void(0);>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
