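I am trying to get an access token from Auth0 but I get the error "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://movieapi.auth0.com/oauth/token. (Reason: CORS header 'Access-Control-Allow-Origin' missing)." My function is: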
// These two variables we'll get from our Auth0 MovieAnalyst-Website Client.
// Head over to the management dashboard at https://manage.auth0.com
// Find the MovieAnalyst Admin(Main) Website Client and copy and paste the Client ID and Secret
const NON_INTERACTIVE_CLIENT_ID = '******';
const NON_INTERACTIVE_CLIENT_SECRET = '****************';

// Next, we'll define an object that we'll use to exchange our credentials for an access token.
const authData = {
  client_id: NON_INTERACTIVE_CLIENT_ID,
  client_secret: NON_INTERACTIVE_CLIENT_SECRET,
  grant_type: 'client_credentials',
  audience: 'movieanalyst'
};

// We'll create a function to make a request to the oauth/token Auth0 API with our authData object we created earlier.
// Our data will be validated and if everything is correct, we'll get back an access token.
// We'll store this token in the response.
// It may be repetitive to call this endpoint each time and not very performant, so you can cache the access_token once it is received.
const getTokenNonNode = function getTokenNonNode() { // AJAX here instead of superagent
  var settings = {
    "async": true,
    "crossDomain": true,
    "url": "https://movieapi.auth0.com/oauth/token",
    "method": "POST",
    "data": authData
  };
  // Return the promise so the caller can wait for the response.
  return $.ajax(settings)
    .then(function (response) {
      console.log(response);
      return response;
    });
};
This is the exchange between the client and the server. Request headers:
Request URL: https://movieapi.auth0.com/oauth/token
Request method: POST
Remote address: 52.89.198.22:443
Status code: 200 OK
Version: HTTP/2.0
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 173
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: movieapi.auth0.com
Origin: http://localhost:4000
Pragma: no-cache
Referer: http://localhost:4000/movies
User-Agent: Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/57.0
Response:
cache-control: private, no-store, no-cache, m…te, post-check=0, pre-check=0
content-length: 804
content-type: application/json
date: Tue, 28 Nov 2017 18:30:13 GMT
pragma: no-cache
strict-transport-security: max-age=15724800
x-auth0-requestid: bc0da887d55e3dfb181e
X-Firefox-Spdy: h2
x-ratelimit-limit: 1000000
x-ratelimit-remaining: 999999
x-ratelimit-reset: 1511893814
x-robots-tag: noindex, nofollow, nosnippet, noarchive
The response payload from Auth0 is:
access_token: ***********Obfuscated*********
scope: general admin
expires_in: 86400
token_type: Bearer
However, there is no console.log of the response, and stepping through the debugger, the .then appears to be skipped. Regardless, the preflight OPTIONS headers are sent to my API OPTIONS:
Accept: text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: DELETE
Cache-Control: no-cache
Connection: keep-alive
Host: localhost:8080
Origin: http://localhost:4000
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/57.0
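It then obviously fails because I don't get any value in my response, yet we can see it in the response payload. Any help would be greatly appreciated.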
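Added example (not part of the original post): a simplified model of the browser's CORS checks, run against the response headers captured above, showing why a 200 response whose payload is visible in the network panel is still withheld from the page's script. The function names are illustrative, and the preflight reply is constructed because the post shows only the preflight request.

```javascript
// Simplified model of a browser's CORS checks (after the Fetch standard); names are illustrative.

// Header names are case-insensitive, so normalise before lookup.
function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : String(headers[key]).trim();
}

// Split a comma-separated header value into lowercase tokens.
function tokens(value) {
  return (value || '').split(',').map(t => t.trim().toLowerCase()).filter(Boolean);
}

// May script running on `origin` read this response?
function corsCheck(origin, responseHeaders, withCredentials = false) {
  const allow = header(responseHeaders, 'Access-Control-Allow-Origin');
  if (allow === null) return { readable: false, reason: 'Access-Control-Allow-Origin missing' };
  if (allow === '*' && !withCredentials) return { readable: true, reason: 'wildcard' };
  if (allow !== origin) return { readable: false, reason: 'origin mismatch' };
  if (withCredentials && header(responseHeaders, 'Access-Control-Allow-Credentials') !== 'true')
    return { readable: false, reason: 'credentials not allowed' };
  return { readable: true, reason: 'origin allowed' };
}

// Does the preflight (OPTIONS) response permit the real request?
function preflightCheck(origin, method, requestHeaders, responseHeaders) {
  const base = corsCheck(origin, responseHeaders);
  if (!base.readable) return { allowed: false, reason: base.reason };
  const m = method.toLowerCase();
  const methods = tokens(header(responseHeaders, 'Access-Control-Allow-Methods'));
  // GET, HEAD and POST are always permitted; anything else must be listed (or "*").
  if (!['get', 'head', 'post'].includes(m) && !methods.includes(m) && !methods.includes('*'))
    return { allowed: false, reason: 'method ' + method + ' not allowed' };
  const allowed = tokens(header(responseHeaders, 'Access-Control-Allow-Headers'));
  // Authorization is never covered by the "*" wildcard; it must be listed by name.
  const missing = requestHeaders.map(h => h.toLowerCase()).filter(h =>
    !allowed.includes(h) && !(allowed.includes('*') && h !== 'authorization'));
  if (missing.length) return { allowed: false, reason: 'header not allowed: ' + missing.join(', ') };
  return { allowed: true, reason: 'ok' };
}

// Response headers of the token request, copied from the post: no Access-Control-* header.
const tokenResponse = { 'content-type': 'application/json', 'strict-transport-security': 'max-age=15724800' };
// Constructed preflight reply (the post shows only the request) that would permit the DELETE.
const samplePreflight = { 'Access-Control-Allow-Origin': 'http://localhost:4000',
  'Access-Control-Allow-Methods': 'GET, POST, DELETE', 'Access-Control-Allow-Headers': 'Authorization' };
console.log(corsCheck('http://localhost:4000', tokenResponse));
console.log(preflightCheck('http://localhost:4000', 'DELETE', ['authorization'], samplePreflight));
```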