Thread: cross-site (CORS) ajax call and JSONP problem

  1. #1
    Join Date
    Mar 2005
    Location
    Los Angeles
    Posts
    20

    cross-site (CORS) ajax call and JSONP problem

    Hi

    I am trying to develop a mobile app with HTML5 + jQuery (PhoneGap) using OAuth2 authentication.
    The problem is that you cannot set the header through JSONP calls, so the BasicAuthenticationFilter doesn't have the opportunity to get the Authorization from the header.

    http://stackoverflow.com/questions/1...p-using-jquery

    Any idea how to get an access token from a mobile app?

    Code:
    // Form fields for the password grant; clientId and clientSecret are defined elsewhere (not shown).
    var data = {
        grant_type : 'password',
        username : $('#username').val(),
        password : $('#password').val(),
        client_id : clientId,
        client_secret : clientSecret,
        scope : 'read'
    };

    $.ajax({
        type : 'GET',
        url : url + 'oauth/token',
        dataType : 'jsonp',
        data : data,
        // With dataType 'jsonp' the request is a script load, so this header is never sent.
        beforeSend : function (xhr) {
            xhr.setRequestHeader('Authorization', make_base_auth($('#username').val(), $('#password').val()));
        },
        success : onAuthorizeSuccess,
        error : onAuthorizeError
    });
    Last edited by shahbazi; Jun 13th, 2012 at 01:20 PM.

  2. #2
    Join Date
    Mar 2005
    Location
    Los Angeles
    Posts
    20

    Actually, I changed the dataType to 'json' and used ClientCredentialsTokenEndpointFilter, and it seems to be working.

    But I think the problem still remains if we want to send the 'Authorization' token through the header, either with jsonp or json.
    Last edited by shahbazi; Jun 13th, 2012 at 07:13 PM.

  3. #3
    Join Date
    Jun 2005
    Posts
    4,241

    ClientCredentialsTokenEndpointFilter would be a workaround, but doesn't the stackoverflow link you posted give you a way to add Basic auth headers? That wouldn't help you with the bearer token requests I guess though. I don't know much about the internals of jQuery, but it seems to be a problem there if you can't set request headers, and I would keep digging if I were you. You are using $.ajax() which surely gives you direct access to the XHR, but even if you weren't, isn't there a global ajax setting for all requests?

    Anyway, maybe you ought to be using implicit grant type from a JS client? Then you don't need to send the client credentials at all (the client has no secret), but you still need to send the bearer token to the resource server (of course). There's a page in the tonr2 sample (demo.html) that shows you how to do it with a jQuery library called "jso". It uses $.ajax() as well in the library, and manages to set headers just fine.
    Last edited by Dave Syer; Nov 14th, 2012 at 02:37 AM.
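
Added example (not from any poster in this thread or from the Spring Security OAuth project): a small model of why the JSONP call in post #1 cannot carry an `Authorization` header, while a cross-origin `$.ajax()` call with `dataType: 'json'` can, provided the server's preflight response names that header. Function names, hostnames and credential values are constructed for illustration, and the check assumes `withCredentials` is off (no cookies).

```javascript
// Added example: models browser behaviour; all names and values are constructed.
const SAFELISTED = new Set(['accept', 'accept-language', 'content-language', 'content-type']);
const SIMPLE_METHODS = new Set(['GET', 'HEAD', 'POST']);

// JSONP is a <script src="..."> load: always GET, no request headers can be set,
// so every field of `params` ends up in the URL (and in server logs and history).
function jsonpUrl(endpoint, params, callbackName) {
  const query = new URLSearchParams({ ...params, callback: callbackName });
  return `${endpoint}?${query}`;
}

// Header names that make a cross-origin XHR non-simple and force an OPTIONS preflight.
// (Simplified: Content-Type values are not inspected here.)
function headersNeedingPreflight(headers) {
  return Object.keys(headers)
    .map((name) => name.toLowerCase())
    .filter((name) => !SAFELISTED.has(name))
    .sort();
}

const splitList = (value) =>
  (value || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

// Decide whether the browser would send the real request after the preflight.
// `response` holds the Access-Control-* headers of the OPTIONS reply (lower-case keys).
function preflightPasses(origin, method, headers, response) {
  const allowOrigin = response['access-control-allow-origin'];
  if (allowOrigin !== '*' && allowOrigin !== origin) return false;

  const allowedMethods = splitList(response['access-control-allow-methods']);
  const methodOk = SIMPLE_METHODS.has(method) ||
    allowedMethods.includes(method.toLowerCase()) || allowedMethods.includes('*');
  if (!methodOk) return false;

  const allowedHeaders = splitList(response['access-control-allow-headers']);
  return headersNeedingPreflight(headers).every((name) =>
    // "*" does not cover Authorization; the server must list it by name.
    allowedHeaders.includes(name) ||
    (name !== 'authorization' && allowedHeaders.includes('*')));
}
```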

  4. #4
    Join Date
    Nov 2012
    Posts
    3

    Hi all, can I have a sample for this code? We are trying the same thing: calling the REST service from a client (HTML5) with an OAuth2 token, but I couldn't find it.

  5. #5
    Join Date
    Jun 2005
    Posts
    4,241

  6. #6
    Join Date
    Nov 2012
    Posts
    3

    Thanks
    I have a simple application
    1) Can I use simple Digest Authentication?
    2) OAuth. Which is the best solution?
    3) Use both
    The application is very simple: call the backend (Spring REST service) from HTML5
