By: Master Kumar user 29 Aug 2018 at 1:17 p.m. CDT

6 Responses
Master Kumar gravatar
I am trying to call SCIM API https://mydomain.com/identity/restv1/scim/v2/Users/<inum> by passing the Authorization header, http method as post from Postman its working fine. But the same when trying to call the same API using ajax call in a html page (file:///D:/test/index.html) its doing preflight (http method: OPTIONS) check and failing. I did check the cors filter configuration and was not sure why its still failing. I think its because in response to preflight check request Location with some url is coming Do let me know if i am missing something or doing wrong here

By Michael Schwartz staff 29 Aug 2018 at 1:27 p.m. CDT

Michael Schwartz gravatar
You should not be able to call SCIM from a javascript client. There would be no way to sufficiently hide a client secret.

By Master Kumar user 30 Aug 2018 at 4 a.m. CDT

Master Kumar gravatar
I agree with you, in my case i have client applications that are developed using HTML5,CSS, Javascript/JQuery/Ajax/.. which would be making the API calls directly. So please let me know how to proceed in this case.

By Graham Private user 14 Jan 2019 at 12:51 p.m. CST

Graham Private gravatar
Hi Michael, we had been working on a JS-based registration tool connecting to SCIM but hit the same issue this User mentioned. I understand your point re. the client secret (in fact, I wasn't really comfortable with the approach) but how else can one use a client-side web-app to create users via the SCIM endpoint? Can you point me in the right direction please?

By Michael Schwartz staff 14 Jan 2019 at 2:03 p.m. CST

Michael Schwartz gravatar
The JS application can call an API, which has the proper credentials to call the SCIM endpoint.

By Graham Private user 14 Jan 2019 at 2:05 p.m. CST

Graham Private gravatar
And how do I control the permissions for the new API?

By Graham Private user 14 Jan 2019 at 2:19 p.m. CST

Graham Private gravatar
Oh wait, silly question. UMA. Thanks, understood.