cross-site (CORS) ajax call and JSONP problem

  • cross-site (CORS) ajax call and JSONP problem

    Hi

    I am trying to develop a mobile app HTML5 + jQuery (PhoneGap) using OAuth2 Authentication.
    The problem is that you cannot set the header through JSONP calls, so the BasicAuthenticationFilter doesn't have the opportunity to get the Authorization from the header.

    http://stackoverflow.com/questions/1...p-using-jquery

    Any idea how to get an access token from a mobile app?

    Code:
    var data = {
        grant_type : 'password',
        username : $('#username').val(),
        password : $('#password').val(),
        client_id : clientId,
        client_secret : clientSecret,
        scope : 'read'
    };

    $.ajax({
        type : 'GET',
        url : url + 'oauth/token',
        // With 'jsonp' jQuery loads the URL through a <script> tag, not an XHR,
        // so the header set in beforeSend below never reaches the server.
        dataType : 'jsonp',
        data : data,
        beforeSend : function (xhr) {
            xhr.setRequestHeader('Authorization', make_base_auth($('#username').val(), $('#password').val()));
        },
        success : onAuthorizeSuccess,
        error : onAuthorizeError
    });
    Last edited by shahbazi; Jun 13th, 2012, 02:20 PM.

  • #2
    Actually, I changed the dataType to 'json' and used ClientCredentialsTokenEndpointFilter, and it seems to be working.

    But, I think the problem still remains if we want to send the 'Authorization' token through header either with jsonp or json.
    Last edited by shahbazi; Jun 13th, 2012, 08:13 PM.



    • #3
      ClientCredentialsTokenEndpointFilter would be a workaround, but doesn't the stackoverflow link you posted give you a way to add Basic auth headers? That wouldn't help you with the bearer token requests I guess though. I don't know much about the internals of jQuery, but it seems to be a problem there if you can't set request headers, and I would keep digging if I were you. You are using $.ajax() which surely gives you direct access to the XHR, but even if you weren't, isn't there a global ajax setting for all requests?

      Anyway, maybe you ought to be using implicit grant type from a JS client? Then you don't need to send the client credentials at all (the client has no secret), but you still need to send the bearer token to the resource server (of course). There's a page in the tonr2 sample (demo.html) that shows you how to do it with a jQuery library called "jso". It uses $.ajax() as well in the library, and manages to set headers just fine.
      Last edited by Dave Syer; Nov 14th, 2012, 03:37 AM.

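An added example, not part of any post in this thread and not the tonr2 sample's or jso's code: a sketch of what post #3 describes, reading the implicit-grant token from the redirect fragment and sending it as a bearer header through $.ajax() settings. The function names, state value, token and URL are constructed for illustration.

```javascript
// Added example: parseImplicitGrantFragment, bearerAjaxOptions and all sample
// values below are constructed for illustration.

// Parse the URL fragment an authorization server appends to the redirect URI
// after an implicit grant, e.g. "#access_token=...&token_type=bearer&state=...".
function parseImplicitGrantFragment(fragment, expectedState, nowMs = Date.now()) {
  const params = new URLSearchParams(fragment.replace(/^#/, ''));
  if (params.has('error')) {
    throw new Error('authorization failed: ' + params.get('error'));
  }
  // The state value must match what the client sent, otherwise the response
  // may have been injected by another page (CSRF on the redirect).
  if (params.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }
  const tokenType = (params.get('token_type') || '').toLowerCase();
  const accessToken = params.get('access_token');
  if (tokenType !== 'bearer' || !accessToken) {
    throw new Error('no bearer token in response');
  }
  const expiresIn = Number(params.get('expires_in'));
  return {
    accessToken,
    expiresAt: Number.isFinite(expiresIn) && expiresIn > 0 ? nowMs + expiresIn * 1000 : null,
    scope: (params.get('scope') || '').split(' ').filter(Boolean),
  };
}

// Build the settings object for $.ajax(). dataType must be 'json' (an XHR):
// with 'jsonp' jQuery injects a <script> tag and no request header is sent.
function bearerAjaxOptions(url, token, nowMs = Date.now()) {
  if (token.expiresAt !== null && nowMs >= token.expiresAt) {
    throw new Error('access token expired');
  }
  return {
    type: 'GET',
    url,
    dataType: 'json',
    headers: { Authorization: 'Bearer ' + token.accessToken },
  };
}

// Constructed redirect fragment and state value.
const sampleFragment = '#access_token=constructed-token-123&token_type=bearer&expires_in=3600&scope=read&state=xyz';
const sampleToken = parseImplicitGrantFragment(sampleFragment, 'xyz', 0);
console.log(bearerAjaxOptions('https://api.example.test/photos', sampleToken, 1000));
```

Pass the returned object to $.ajax(); for cross-origin calls the resource server must also allow the Authorization header in its CORS response. Current OAuth guidance prefers the authorization code grant with PKCE over the implicit grant for browser clients, and the header handling is the same either way.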


      • #4
        Hi all, can I have a sample for this code? We are trying the same thing: calling the REST service from a client (HTML5) with an OAuth2 token, but I couldn't find it.



        • #5
          https://github.com/SpringSource/spri...pp/browse.html



          • #6
            Thanks
            I have a simple application
            1) Can I use simple Digest Authentication?
            2) OAuth. Which is the best solution?
            3) Use both -
            The application is very simple - call the backend (Spring REST service) from HTML5



            • #7
              There's no reason you can't use digest (or basic) auth, and OAuth is only really going to shine if you have a larger system with multiple components. I'm not sure if there are any JavaScript libraries that handle digest natively (and I'm not sure I would trust one, but I'm happy to be proved wrong on that if anyone knows better). So your backend would probably have to be stateful to support authentication from a script client (via a cookie) - some people don't like that.



              • #8
                Thanks Dave Syer,
                I saw this link for digest to call the backend, which is a Spring REST service.
                http://marcin-michalski.pl/2012/11/0...vascript-ajax/
                My application is on both (web and smartphone). Can I follow digest or OAuth? I still don't have a clear picture.
