Angular应用程序中的Azure AD OpenID Connect注销的CORS问题
[英]CORS issue with Azure AD OpenID Connect logout in Angular app
问题描述
I have a tenant in Azure which hosts a number of apps. 
我在Azure中有一个租户,其中包含许多应用程序。 I'm using OpenID Connect for authorization. 我正在使用OpenID Connect进行授权。 In the login.microsoft.com openid-configuration, an end_session_endpoint URL is supplied. 在login.microsoft.com openid-configuration中,提供了end_session_endpoint URL。 This article explains how to send a sign-out request. 此文章解释了如何发送签出请求。 This will end the session in Azure, but not on my client (an Angular2 SPA). 这将结束Azure中的会话,但不会在我的客户端(Angular2 SPA)上结束。 To do this, I'm using angular-oauth2-oidc and the following code: 为此,我使用angular-oauth2-oidc和以下代码:
this.http.get('https://login.microsoftonline.com/TENANT_ID/oauth2/logout",')
.toPromise()
.then(function () {
this.oauthService.logOut();
}
);
The GET to login.microsoftonline.com will end the session on the server and the logOut() call will end the session locally. 到login.microsoftonline.com的GET将结束服务器上的会话, logOut()调用将在本地结束会话。 When I run this, I get the following error: 当我运行它时,我收到以下错误:
XMLHttpRequest cannot load https://login.microsoftonline.com/TENANT_ID/oauth2/logout .
When I check the response from the login.microsoftonline.com GET, Access-Control-Allow-Origin is not one of the response headers. 当我检查login.microsoftonline.com GET的响应时, Access-Control-Allow-Origin不是响应标头之一。 I'm very surprised it wouldn't have that header with * as the value. 我很惊讶它没有带*作为值的标题。 In any event, how can I address this? 无论如何,我该如何解决这个问题? I see there is a CORS setting in App Services and I added my localhost (testing locally currently) to CORS for one of the apps in the tenant, but it's still not working. 我看到App Services中有一个CORS设置,我将我的localhost(当前本地测试)添加到CORS中,用于租户中的一个应用程序,但它仍然无效。
Temporarily, I've added an API endpoint on my apps API that makes a call in C# to the login.microsoftonline.com URL, but it's annoying to have to do that. 暂时,我在我的应用程序API上添加了一个API端点,它使用C#调用login.microsoftonline.com URL,但是必须这样做很烦人。 I'd like to do it all through javascript. 我想通过javascript完成所有操作。
1 个解决方案
解决方案1
0 已采纳 2017-05-31 16:32:13
You need to redirect the browser to the URL. 您需要将浏览器重定向到URL。 You can't call it over AJAX. 你不能通过AJAX调用它。
You must also redirect the user to the end_session_endpoint for sign-out.
Azure AD does not allow cross-domain calls on the login endpoints, and you can't change that. Azure AD不允许在登录端点上进行跨域调用,您无法更改它。
You can redirect the user to: 您可以将用户重定向到:
https://login.microsoftonline.com/ccb87602-82bf-4f35-b7d2-aaaaaaaaaaaa/oauth2/logout?post_logout_redirect_uri=https%3a%2f%2fsitename.azurewebsites.net%2fHome%2fSignedOut
The post_logout_redirect_uri parameter allows you to specify where the user's browser should be redirected after log out. post_logout_redirect_uri参数允许您指定注销后用户浏览器的重定向位置。 This way the user won't lose context. 这样用户就不会丢失上下文。 Do make sure to save up the user's work on your app's side before redirecting so you don't get angry users. 在重定向之前,请确保在应用程序中保存用户的工作,这样您就不会生气。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.