I am implementing Dwolla’s OAuth flow. The first step is redirecting the user to the initiation URL.
Currently I am doing this on the front end with this code:
var baseUrl = "https://uat.dwolla.com/oauth/v2/authenticate?client_id=", dwollaID = MY_DWOLLA_ID, responseAndRedirect = "&response_type=code&redirect_uri=", uri = MY_REDIRECT_URI, authScope = "&scope=AccountInfoFull%7CSend%7CFunding%7CScheduled%7CTransactions"; var oAuthUrl= baseUrl + encodeURI(dwollaID + responseAndRedirect + uri) + authScope; window.location.href = oAuthUrl;
Is this best practice to redirect from the front end? Is there any risk from the fact that I am exposing my Dwolla ID (of course, it would be in the URL)?
When I attempt to redirect from the server, my browser logs this error message:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin is therefore not allowed access.
The cause behind that message may be beyond the scope for this forum post, but if it is acceptable practice to redirect from the front-end, I won’t worry about it.