Basic - 2.4 How to access the user info endpoint?
Issue #550
resolved
Given the same origin policy, how is a JavaScript client supposed to access this endpoint? JSONP, CORS? Would it make sense to give advice to implementors?
Comments (4)
-
-
-
assigned issue to
The working group consensus is that Cross-Origin Resource Sharing (CORS) would be the right solution for JavaScript clients and that text to that effect should be added to Standard.
-
assigned issue to
-
- changed title to Basic - 2.4 How to access the user info endpoint?
-
- changed status to resolved
Fixes
#550Added reference to CORS for JS clients to user_info and check_id endpoints in Standard. The behaviour of the endpoints is not part of the basic client profile. This profile is not intended to describe a JS Canvas application that is accessing these endpoints directly. Other profiles will, and Standard has been updated to reflect that. - Log in to comment
The client passes the server the access token in most cases.
How to build a JS client is more of a general OAuth issue.
However you make a good point for Standard, we should probably recommend CORS for user_info and check_id endpoints.
John