Open Closed

How do I authorise a user via /connect/token from a mobile app (CORS error) #518


User avatar
1
peter.ebdon@achorda.com created

Hi,

I am building an ionic mobile app using angular that authorises users against the abp.io commercial back-end.

I am calling /connect/token to log in - as per the react mobile example code.

The problem is that I can only get this to work in a test environment where I can add the test app's local address as an origin. How do I enable this from any mobile device?

This is my log:

2020-10-30 12:04:37.211 +00:00 [INF] Request starting HTTP/1.1 POST http://replaced-app-name/connect/token multipart/form-data; boundary=----WebKitFormBoundary4By0PBl0hb6SeaXc 700 2020-10-30 12:04:37.211 +00:00 [INF] CORS policy execution failed. 2020-10-30 12:04:37.211 +00:00 [INF] Request origin http://replaced-app-name.com does not have permission to access the resource. 2020-10-30 12:04:37.215 +00:00 [WRN] Origin is not allowed: http://replaced-app-name.com 2020-10-30 12:04:37.215 +00:00 [WRN] CorsPolicyService did not allow origin: http://replaced-app-name.com 2020-10-30 12:04:37.216 +00:00 [INF] No CORS policy found for the specified request. 2020-10-30 12:04:37.220 +00:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token 2020-10-30 12:04:37.221 +00:00 [INF] Entity Framework Core 3.1.5 initialized 'IdentityServerDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: None


1 Answer(s)
  • User Avatar
    0
    alper created
    Support Team Director

    The CORS policies are being added in the module classes. For example here https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.IdentityServer/MyProjectNameIdentityServerModule.cs#L133

    As you see, it gets the origins from the configuration configuration["App:CorsOrigins"] What you need to do is; set your origins

    when you create a new project, this value is auto configured for your localhost environment "CorsOrigins": "https://*.MyProjectName.com,http://localhost:4200,https://localhost:44307"

    you need to add this http://replaced-app-name.com to your CorsOrigins

    Further info see https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-3.1

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11