M
marian.edu
Guest
I see, so they aren't calling back using xmlhttprequest... it's only you that make calls to them that way, the first one using GET works and you get them to somehow callback to your test.html page. The problem seems to occur when you make a xmlhttprequest from that test.html page back to their server right? How do you receive the authorisation token and how do you send that back, any reason for you to use POST instead of GET? What if you use some webspeed page instead of the static one and see what they send back, maybe you can make the post request from the server side instead of using xmlhttprequest. If you look at the network tab in the browser javascript console what is the sequence of requests/redirects that you see? Particularly check the headers sent in first GET response to their server, there should be some CORS related headers. Looks like some oauth authentication but I can't get much info from their web site but looks like some eGovernment site. Usually the way it works is if someone lands on you server and you need to do some authorisation then you redirect them to the auth server ( difi.no ) with your application/client identifiers, they do the login and if all good redirects the user back to your redirect URL and send you some token in the request. Then you can use that token in subsequent requests to difi.no services. Is that something you're trying to implement or is some other flow that you use? Marian Edu Acorn IT www.acorn-it.com www.akera.io +40 740 036 212
Continue reading...
Continue reading...