Ajax Call [AuthorizeForScopes] Attributed Action Produce CORS error when MSAL exception is thrown #665
Conversation
…d by ajax method cause use agent CORS error. Suggest enhancement (1) in [AuthorizeForScopes] to provide a return url extract from ajax custom header for user agent to return to after the challenge is satisfied. (2) in OpenIdConnentHandler, after the redirect url for Identity Provider is calculated, for ajax request, the handler will return a 401 with this redirect url in the header location. Added a test project to test modified AuthorizeForScopes Attribute to handle Ajax call. It depends on a locally built microsoft.aspnetcore.authentication.openidconnect dev nupkg within which associate change on ajax call redirection is handled differently (OpenIdConnectHandler need to be updated at Asp.net Core side).
|
|
|
@creativebrother thanks for the PR. we will take a look. Could you move the test project under the "tests" folder? thanks. |
Hi, @jennyf19 I believe the test project is under tests folder. Do you mean I do not need an extra folder underneath tests folder, just put the test project directly underneath the tests folder? |
|
@creativebrother like |
|
thanks @creativebrother |
…the lib project to test project.
|
@jennyf19 I made another PR in Aspnetcore project side. dotnet/aspnetcore#26689 to address the issue. |
|
@creativebrother thanks again. I pulled your fork and tested it out. looks great. there are some things we would need to change, just small things on our end. I think it's easiest to merge your PR, and then we can update the test app as needed. this is really great. thank you. @jmprieur In reply to: 705536463 [](ancestors = 705536463) |
| /// <param name="resource">Resource to obtain access token for</param> | ||
| /// <returns></returns> | ||
| private async Task<string> GetAccessTokenforResource(string scope) | ||
| { |
There was a problem hiding this comment.
nit: we'll probably remove this, but after we merge.
There was a problem hiding this comment.
Yes, I agree. I was using an older version of our app as template and it is in the resource concept era....
|
@creativebrother going to merge this and then i'll do another PR fixing the comments i have above. Thanks again for this AWESOME contribution. The team really appreciates it! |
@jennyf19 Love to contribute to Open Source Project. Your guys/ladies are awesome! |
|
@creativebrother we love it too! less work for us! lol! idk when we would have gotten around to this. feel free to contribute as much as you like ;) |
|
Thanks for the addition @creativebrother. I am very happy to see this incoming to 1.2.0 and I'm sure many others in the future will appreciate it as well. |
Controller Action decorated with [AuthorizeForScopes] Attribute called by ajax method cause user agent CORS error when MSAL exception is thrown.
Suggest enhancement
(1) in [AuthorizeForScopes] to provide a return url extract from ajax custom header for user agent to return to after the challenge is satisfied.
(2) in OpenIdConnentHandler, after the redirect url for Identity Provider is calculated, for ajax request, the handler will return a 401 with this redirect url in the header location.
Added a test project to test modified AuthorizeForScopes Attribute to handle Ajax call. It depends on a locally built microsoft.aspnetcore.authentication.openidconnect dev nupkg within which associate change on ajax call redirection is handled differently (OpenIdConnectHandler need to be updated at Asp.net Core side).