So I’m trying to query the “oauth/token” endpoint in Opera via jquery’s ajax code. The call is carrying out 2 requests. The first one is the OPTION request, which returns a 200 and the response data is
So it moves onto the a 2nd request, which fails with a 500 and the error from the title. Is anyone experiencing similar issues?
Sorry I can’t post more details about the 2nd request, but for some reason the forum regards me as a “new user” even though I have been a paying customer for more than 10 years, so apparently i can’t post more than 2 links in the same post.
Never mind. I solved it. After some research I noticed I was mixing flows. As this was going to be a web app just for my usage, I had been sending the base64 code & the other code to the clientside, and attempting the ajax call to continue with the process (I know it’s insecure to send everything to the browser, but because Im planning to be the only user of the app i disregarded the issue). And this security issue was the actual problem. The “Authorisation” header forces the ajax call to perform an OPTION request and then a POST (this last one fails) as it triggers CORS.
So i’ve redesigned it so that I authenticate on the server-side code - this avoids the CORS check.
I have a feeling this Authorisation header being there and forcing the CORS check to fail is intentional and it was put in place this way to discourage people from the insecure practice of sending all the codes to the client-side in case they were coding a public app.