2
votes

I've set up a small App Engine web application that provides an API for a certain task. My goal is to connect to this using a static web front-end and several native client applications. For authentication I'm using the built-in OAuth provider.

Consumer tokens for the clients have been created using the Google APIs Console.

A Ruby script used for API testing is successfully authenticating and able to request data from OAuth-protected API URLs.

However, trying to access /_ah/OAuthGetRequestToken using JavaScript from a different host results in a CORS security exception:

Origin http://exampledomain.nl is not allowed by Access-Control-Allow-Origin.

The domain the HTML/JavaScript is hosted on has been specified in the JavaScript origins field of the consumer in the API Console. I've verified it matches the domain the CORS error complains about exactly.

  • Is App Engine OAuth ignoring the JavaScript origins, or am I missing something here?
  • Or is it possible to authenticate a (static) client-side JavaScript application to App Engine OAuth in another way?

1 Answer

1
votes

Your use case seems like a good fit for Google Cloud Endpoints. The Google API client libraries, which work directly with Endpoints, will handle the details of minting tokens for your applications. Endpoints also natively supports CORS.