CORS issue when getting a token in Azure AD B2C (Implicit Flow)


The Azure AD auth endpoints (B2C or otherwise) don't support CORS, nor will they ever.

For JavaScript apps, we use the implicit flow with response_type=token or response_type=id_token to get tokens directly from the authorize endpoint - no CORS necessary. Feel free to try it out, it should work just fine.

The reason we say JavaScript apps are unsupported right now is because after one hour, the id_token/access_token you get using this method will expire. And we don't have a way to refresh/get a new token silently. This means in the best case, your JavaScript app will have to redirect to AAD every hour.

We don't think that's acceptable, so we're working on a feature that will solve this problem. But for now we'll continue to call JavaScript apps unsupported.
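
The redirect-based flow described in the answer above, as an added example that is not part of the original answer or Microsoft's code: it builds the authorize URL for response_type=token, validates the fragment returned to the redirect URI, and tracks the expiry that forces the next redirect. The function names, config fields, endpoint and client id are hypothetical placeholders, and the sketch assumes the response carries expires_in.

```javascript
// Added example. All names and values here are illustrative placeholders.

// Unpredictable state value; call in the browser and store it (for example in
// sessionStorage) before redirecting, so the response can be matched to it.
function randomState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// URL for a top-level navigation (window.location.assign), not an XHR/fetch.
// Because the browser navigates there, the endpoint needs no CORS support.
function buildAuthorizeUrl(cfg, state) {
  const url = new URL(cfg.authorizeEndpoint);
  const params = {
    client_id: cfg.clientId,
    response_type: "token",
    redirect_uri: cfg.redirectUri,
    scope: cfg.scope,
    state,
  };
  for (const [k, v] of Object.entries(params)) url.searchParams.set(k, v);
  return url.toString();
}

// Parse the fragment appended to redirect_uri (window.location.hash).
// Rejects responses whose state does not match the one stored before redirect.
function parseImplicitResponse(hash, expectedState, nowMs) {
  const p = new URLSearchParams(hash.replace(/^#/, ""));
  if (!expectedState || p.get("state") !== expectedState) {
    return { ok: false, reason: "state_mismatch" };
  }
  if (p.has("error")) return { ok: false, reason: p.get("error") };
  const token = p.get("access_token");
  if (!token) return { ok: false, reason: "no_token" };
  const expiresIn = Number(p.get("expires_in"));
  if (!Number.isFinite(expiresIn) || expiresIn <= 0) {
    return { ok: false, reason: "bad_expires_in" };
  }
  return { ok: true, token, expiresAt: nowMs + expiresIn * 1000 };
}

// True when there is no valid token or it is within skewMs of expiring, i.e.
// the app must redirect to the authorize endpoint again (hourly, per the answer).
function needsRedirect(session, nowMs, skewMs = 60000) {
  return !session.ok || nowMs >= session.expiresAt - skewMs;
}
```

Clear the fragment from the address bar after parsing (for example with history.replaceState) so the token does not linger in the URL or browser history.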