How to use Google's OpenID connect provider with CORS? -

i've written javascript app use google's openid-connect provider authentication. i've registered app @ google's developer console.

i'm using oidc-client-js library handle interactions google , passed app's client_id configuration, passed google authenticate app.

my configuration:

{   client_id: 'secret',   redirect_uri: `${window.location.protocol}//${window.location.hostname}:${window.location.port}/callback`,   response_type: 'token id_token',   scope: 'openid profile',   authority: 'https://accounts.google.com/',   silent_redirect_uri: `${window.location.protocol}//${window.location.hostname}:${window.location.port}/silent_renew.html`,   automaticsilentrenew: true,   filterprotocolclaims: true,   loaduserinfo: true }; 

my dev server runs on https://localhost:8080 (with self-signed dev certificate). i've registered url & redirect uri @ google authorized host app, google knows dev server. when try access google's openid-provider following error:

xmlhttprequest cannot load https://accounts.google.com/.well-known/openid-configuration. no 'access-control-allow-origin' header present on requested resource. origin 'https://localhost:8080' therefore not allowed access.

edit: i've narrowed issue down google's endpoint not having cors headers set in response. authentication works if disable chrome's cors security settings. not desireable means, means cors real culprit here.

is there way me use cors google's openid discovery document? have register cors origin server @ google?

google has updated openid connect discovery document support cors. can give try?