Oauth2 cross origin solution

Question

I\'m having an rest application which is written using spring framework and using spring oauth2 for security.. And whenever I\'m calling this rest services from my Angular

Answer 1

The token endpoint (/oauth/token) is supposed to be called from your application server side to get tokens in exchange of authorization grant code, so no CORS rules are applied there - no CORS headers needed (CORS rules are required just by browsers). If you want to get tokens to your Angular application, you should use OAuth2 implicit flow and refresh them using an iframe - so no CORS headers needed here either.

See https://tools.ietf.org/html/rfc6749 for OAuth2 grant types and http://openid.net/specs/openid-connect-session-1_0.html for OpenID Connect session management. Those RFCs are rather easy to read.