Basic - 2.4 How to access the user info endpoint?

Issue #550 resolved
Torsten Lodderstedt created an issue

Given the same origin policy, how is a JavaScript client supposed to access this endpoint? JSONP, CORS? Would it make sense to give advice to implementors?

Comments (4)

  1. John Bradley

    The client passes the server the access token in most cases.

    How to build a JS client is more of a general OAuth issue.

    However you make a good point for Standard, we should probably recommend CORS for user_info and check_id endpoints.


  2. Michael Jones

    The working group consensus is that Cross-Origin Resource Sharing (CORS) would be the right solution for JavaScript clients and that text to that effect should be added to Standard.

  3. John Bradley

    Fixes #550 Added reference to CORS for JS clients to user_info and check_id endpoints in Standard. The behaviour of the endpoints is not part of the basic client profile. This profile is not intended to describe a JS Canvas application that is accessing these endpoints directly. Other profiles will, and Standard has been updated to reflect that.


  4. Log in to comment