I have created a Spring Authorization Server - you can find the code on github https://github.com/costerutilo/UTILO-Authorization-Server
I cannot read the token via JavaScript. I created a simple Vue web application to get the client authorization code, but I can't get the token.
Try using the fetch API:
const url = 'http://127.0.0.1:9000/oauth2/token'; var credentials = btoa(import.meta.env.VITE_CLIENT_ID ':' 'secret'); var basicAuth = 'Basic ' credentials; var myHeaders = new Headers(); //myHeaders.append("Authorization", "Basic dXRpbG8tY2xpZW50OnNlY3JldA=="); myHeaders.append("Authorization", basicAuth); myHeaders.append("Content-Type", "application/x-www-form-urlencoded"); var urlencoded = new URLSearchParams(); urlencoded.append("grant_type", "authorization_code"); // urlencoded.append("code", "yyJTTI3JqNno1XlSW59qxX3CCytMm-ChoHnqVw3iSUGyT6ltT_tpPclQ8bdSyeApO4IWE442irBiRwntJJzae9BIntpC3_vshTgNhAfbsBlkwh3n50jkAxs3 hTqavqsy"); urlencoded.append("code", code); urlencoded.append("redirect_uri", "https://www.utilo.eu"); var requestOptions = { method: 'POST', headers: myHeaders, body: urlencoded, redirect: 'follow' }; fetch(url, requestOptions) .then(response => response.text()) .then(result => console.log(result)) .catch(error => console.log('error', error)); In the browser's javascript console, I see a CORS exception
Access to fetch at 'http://127.0.0.1:9000/oauth2/token' from origin 'http://127.0.0.1:9010' has been blocked by CORS policy: Response to preflight request doesn't pass access control check
The server console gives the error:
2023-02-27T09:35:53.786 01:00 TRACE 33212 --- [nio-9000-exec-3] o.s.s.w.a.ExceptionTranslationFilter : Sending AnonymousAuthenticationToken [Principal =anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied org.springframework.security.access.AccessDeniedException: Access Denied
If I try the same request in Postman, I get JSON with the token.
I don't know what my reasoning error is, or what I'm doing wrong.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
You will need toenable CORSfor your Spring Security filter chain and provide a
@Beansuch asthis example: p>@Configuration public class CorsConfig { @Bean public CorsConfigurationSource corsConfigurationSource() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); config.addAllowedHeader("*"); config.addAllowedMethod("*"); config.addAllowedOrigin("http://127.0.0.1:4200"); config.setAllowCredentials(true); source.registerCorsConfiguration("/**", config); return source; } }Note:Port
4200is for the Angular development environment, replace it with your Vue development server port.