This question is based on the example code provided by Microsoft:
https://docs.microsoft.com/en-us/samples/azure-samples/active-directory-javascript-singlepageapp-angular/active-directory-javascript-singlepageapp-angular/
app.module.ts has been configured and the application can successfully login through the Azure B2C sign in screen.
There is also an Azure function that simply returns a JSON object with one string property "text" through an HTTP GET request. The function has been configured to authenticate using Azure B2C. This has been confirmed by visiting the function URL in the browser, logging in through the B2C login screen, and being returned the JSON object from the function.
The component that is calling the protected api looks like this:
import { Component, OnInit } from '@angular/core';
import { MsalService } from '@azure/msal-angular';
import { HttpClient } from '@angular/common/http';
const FUNCTION_ENDPOINT = 'function-url-here';
export interface MyInterface {
text: string;
}
@Component({
selector: 'app-home',
templateUrl: './home.component.html',
styleUrls: ['./home.component.css']
})
export class HomeComponent implements OnInit {
value: MyInterface;
constructor(private authService: MsalService, private http: HttpClient) { }
ngOnInit() {
this.getValue();
}
getValue() {
this.http.get<MyInterface>(FUNCTION_ENDPOINT).toPromise()
.then(value => {
this.value = value;
});
}
}
When the function authentication is turned off, the JSON from the function is returned to the Angular app. When the function authentication is turned on, following error is printed to the browser console:
Access to XMLHttpRequest at 'https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/oauth2/v2.0/authorize?response_type=id_token&redirect_uri=https%3A%2F%functionname.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id=SAMPLE-STRING&scope=openid+profile+email&response_mode=form_post&p=b2c_1_signupsignin1&nonce=SAMPLE-STRING&state=redir%3D%252Fapi%252FHttpTrigger2%253Fcode%SAMPLE-STRING' (redirected from 'https://functionname.azurewebsites.net/api/HttpTrigger2?code=SAMPLE-STRING') from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
The second error:
core.js:4002 ERROR Error: Uncaught (in promise): HttpErrorResponse: {"headers":{"normalizedNames":{},"lazyUpdate":null,"headers":{}},"status":0,"statusText":"Unknown Error","url":"https://functionname.azurewebsites.net/api/HttpTrigger2?code=SAMPLE-STRING","ok":false,"name":"HttpErrorResponse","message":"Http failure response for https://functionname.azurewebsites.net/api/HttpTrigger2?code=SAMPLE-STRING: 0 Unknown Error","error":{"isTrusted":true}}
There is also a warning in the console:
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/oauth2/v2.0/authorize?response_type=id_token&redirect_uri=https%3A%2F%2Ffunctionname.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id=SAMPLE-STRING&scope=openid+profile+email&response_mode=form_post&p=b2c_1_signupsignin1&nonce=SAMPLE-STRING&state=redir%3D%252Fapi%252FHttpTrigger2%253Fcode%SAMPLE-STRING with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
The URL for the Angular application is http://localhost:4200/. Here is the CORS configuration for the Azure Function:
What can be done to allow the Angular application to make authenticated requests for the Azure Function?