Identityserver4: http 405 on /connect/checksession

also tried with the token and introspec endpoint just in case I'm not using the right endpoint.
I've read that the check session is meant to be used with iframe, and the lib I'm using is more looking for an "API endpoint"

@dmccaffery helped me troubleshooting the issue. I had forgotten to add app.ConfigureCors(); in the configure method of my startup.cs. I also added a cors middleware options.AddPolicy("Free4All", p => p.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod().AllowCredentials()) and app.UseCors("Free4All");. I can see now a warning in the console output Invalid HTTP method for check session endpoint returned from here https://github.com/IdentityServer/IdentityServer4/blob/2e83a6982cf763e1cecdcce51597381c0e55f7fa/src/IdentityServer4/Endpoints/CheckSessionEndpoint.cs#L29

So we can close this issue?

I believe the CheckSession Endpoint should accept the OPTIONS method in order to support CORS preflight. I'm now pretty sure CORS middlewere (from something else than Identity Server) is not interfering and I believe it's a "bug". But I'd like somebody with more experience with Identity Server 4 to confirm that.

Check session is designed to be loaded from an iframe, not from Ajax.

Is there an equivalent for Ajax request? The lib I'm using (oauth-ng) seems to be supporting only that.

Never heard of it, and the spec describes using it via an iframe.

Ok thanks then, I guess I'll consider using another client lib with integrates openid connect with angular. Any recommandation?

Here's a good one: https://github.com/IdentityModel/oidc-client-js/

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.