I am authenticating a SPA using the ADFS 3.0 OAuth 2.0 endpoints. The user is redirected to the OAuth2/authorize endpoint, authenticates and is redirected back to a SPA page with the client token in the URL parameters. The redirect page retrieves
the client token from the URL and uses the OAuth/Token endpoint to get a JWT for the WebApi backend. The process works correctly in IE but fails in Firefox and Chrome because the Access-Control-Allow-Origin header is missing from the /Token endpoint
response. How do I enable CORS in ADFS 3.0 OAuth 2.0 endpoints?