cors issue with passport-azure-ad-oauth2

default discord avatar
last month

Hello Payload Community!

I have a weird issue with CORS onto my payload server when trying to authenticate with Azure AD passport strategy.

- I added the azure-ad-oauth2 strategy in my admins collection. (image 1)

- I added the admins/login/callback route in my express routes (which I'm not even sure is necessary, although adding it solved some issues, so I kept it until further notice) (image 2)

- I added CORS config in my payload config (image 3)

- My redirect urls are properly whitelisted in the app registration in my AD (image 4)

With all this setup, I am still unable to authenticate my admins with Azure AD passport strategy, and I am getting this CORS error in my browser console : Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at

. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 302 (see image 5)

Am I missing something?


adding missing image 3

@maverick_cr what's up?

Open the post
Continue the discussion in Discord
Like what we're doing?
Star us on GitHub!


Connect with the Payload Community on Discord



Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.