Access-Control-Allow-Origin error CORS

Hi I call api userinfo from ionic 4 app and I received this message:

Access to XMLHttpRequest at ‘https://dev-…’ from origin ‘http://localhost:8100’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

In developer console I have already enabled Trusted Origins http://localhost:8100

how can I solve this problem?

thanks a lot


A couple of potential issues,
In the Admin console you setup this URL for both Redirect and CORS, not just redirect?
I don’t know if the URL you typed is a typo but there is no endpoint /userinfo directly off of the domain.
See here.
Will either be,

  • ${baseUrl}/oauth2/v1/userinfo
  • ${baseUrl}/oauth2/${Authorization_Server_ID}/v1/userinfo
1 Like

hello thanks for your reply, i have modified the endpoint as you suggested.

As a first step i call the enpoint

Next I call the authorisation_endpoint
with the data

  • response_type (code id_token token)
  • client_id
  • redirect_uri
  • state
  • scope
  • code_challenge
  • code_challenge_method
  • nonce

which returns the access_token

Next I call the userinfo_endpoint passing the access_token in the header of the call as the authorisation bearer

However, the service always returns a 401 error why?

Thank you very much

Sorry, looks like I provided the incorrect link prior, should be,

For userinfo the URL are you using is https://dev-… ?

Yes I also tried using https://dev-… but it always returns error 401

You might want to check the issuer (“iss”) value in your access token. That will determine what the url for the /userinfo endpoint will be.

For example, if your issuer is then you would just append /v1/userinfo to it to get

1 Like

thank you very much I solved the problem

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.