#cors issue with passport-azure-ad-oauth2

Hello Payload Community!
I have a weird issue with CORS onto my payload server when trying to authenticate with Azure AD passport strategy.

• I added the azure-ad-oauth2 strategy in my admins collection. (image 1)
• I added the admins/login/callback route in my express routes (which I'm not even sure is necessary, although adding it solved some issues, so I kept it until further notice) (image 2)
• I added CORS config in my payload config (image 3)
• My redirect urls are properly whitelisted in the app registration in my AD (image 4)

With all this setup, I am still unable to authenticate my admins with Azure AD passport strategy, and I am getting this CORS error in my browser console : Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://login.windows.net/xxxxxx.onmicrosoft.com/oauth2/authorize?session=false&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fadmins%2Flogin%2Fcallback%2F&client_id=xxxxxx. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 302 (see image 5)

Am I missing something?

Thanks!

adding missing image 3

@nocturne basin what's up?

sorry i got confused uu

OK I managed to use this plugin to configure authentication : https://github.com/thgh/payload-plugin-oauth

hi, could you please share how you did it?