0
votes

I am attempting to configure Swagger Authentication on my resource server, so that I can authenticate against my authorization server.

I have the resource and authorization servers separated. They are both starting up on my localhost with different ports.

  • Resource Server on port 8083
  • Authorization Server on port 8081

Whenever I attempt to "Authorize", there is a CORS issues.

I forked a project from another website to use as my testing grounds. Below is the forked project.

https://github.com/cbriarnold/oauth2-spring-boot-2.0.2

To test, once both the authorization server and resource server are started, do the following:

  1. Go to http://localhost:8083/swagger-ui.html
  2. Click on "Authorize" button
  3. Click on "Authorize" button in dialog

If you have the developer tools open, you will see that there is the CORS error

Access to fetch at 'http://localhost:8081/oauth/token/' from origin 'http://localhost:8083' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

The http status code associated with the above CORS error was 302.

So, I modify the source to try to permitAll (I know this is undesired from a security perspective, but I am just trying to figure out what is going on). I will receive the same CORS error, but with the https status code of 403. Code is found on the following branch.

https://github.com/cbriarnold/oauth2-spring-boot-2.0.2/tree/permitAll

Any suggestions?

1

1 Answers

0
votes

I think you need to add @CrossOrigin(/*your hitting server*/) on your controllers

it's a chrome security check to see if your are permitted to talk with that server or not it sends an option request at first and if you're permitted it send your original request which is accessing swagger

if you want to make sure if that is a cross origin problem or not try to send that request via postman because postman send your request direct without option request at first