Hello Payload Community!
I have a weird issue with CORS onto my payload server when trying to authenticate with Azure AD passport strategy.
- I added the azure-ad-oauth2 strategy in my admins collection. (image 1)
- I added the admins/login/callback route in my express routes (which I'm not even sure is necessary, although adding it solved some issues, so I kept it until further notice) (image 2)
- I added CORS config in my payload config (image 3)
- My redirect urls are properly whitelisted in the app registration in my AD (image 4)
With all this setup, I am still unable to authenticate my admins with Azure AD passport strategy, and I am getting this CORS error in my browser console : Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at
https://login.windows.net/xxxxxx.onmicrosoft.com/oauth2/authorize?session=false&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fadmins%2Flogin%2Fcallback%2F&client_id=xxxxxx. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 302 (see image 5)
Am I missing something?
Thanks!
adding missing image 3
@maverick_cr what's up?
sorry i got confused uu
OK I managed to use this plugin to configure authentication :
https://github.com/thgh/payload-plugin-oauthStar
Discord
online
Get help straight from the Payload team with an Enterprise License.