Skip to main content
Topics#IntegrationJavier García Ortega 的问题
Javier García Ortega (Plexus) 提问于 #Integration
2022年4月13日 10:26

Error CORS when I try to get Access Token from site

Hi!

I'm trying to access Salesforce content from an external site. For this I want to use the APIs provided by Salesforce.

From Postman it works OK and I do the following:

I have created a connected app in salesforce with this settings:

- Available OAuth Scopes -> full access

- OAuth Policies -> IP Relaxation -> Relax IP restrictions

- OAuth Policies -> Permited Users -> All users may self-authorize

From Postman:

- I do a post request with the following body:

Error CORS when I try to get Access Token from site

- In hit this endpoint 'https://test.salesforce.com/services/oauth2/token' and I get a good response

User-added image

With this access token I can build another request and I get my resource from salesforce until here everything ok...

My problem is when I try to get the access token from the site's javascript. My code:

User-added image

I get this error:

User-added image

To resolve this issue I have added the site from which I launch the requests to the salesforce CORS whitelist and I have enabled the Enable CORS for OAuth endpoints but nothing seems to change.

With the access token obtained via Postman I can do the following request from my site and it works:

User-added image

This SOQL request send me a JSON with a good response.

Therefore, to solve my problem I would need to obtain this access token from my site in order to later build the following request .

Anybody knows how can I resolve this issue?

Thank you very much in advance,

Best regards

 
4 个回答
  1. -1093532158
    2022年4月13日 11:07
    Ok ok,

    I see now, you cannot obtain the access token from the browser, try to get the access token from the site.my.salesforce.com instead the test.salesforce.com.

    Event this works, you should not expose the client id, client secret, username and password in the javascript side, it's very unsecure, I would do the "get access token" request from the server side.
撰写回答...
0/9000