CORS Error for endpoint "api/v1/apps"

#1

Even though the origin domain is added in trusted origins, getting CORS error for endpoint “api/v1/apps” whereas the other endpoint “api/v1/users/me” just wokrs fine. Below is the code i have written. Please help me in understanding what might be the issue.

jQuery.ajax({
//url: “https://<>/api/v1/users/me”,
url: “https://<>/api/v1/apps”,
//url: “https://<>/api/v1/apps?filter=user.id+eq+“xxx@abc.com”&expand=user/xxx@abc.com”,
type: ‘GET’,
dataType: ‘json’,
contentType: ‘application/json’,
xhrFields: {
withCredentials: true
},
success: function (data) {
alert(JSON.stringify(data));
alert(“success”);
console.log(JSON.stringify(data));
},
error: function(err){
alert(JSON.stringify(err));
alert(“error”);
}
});

#2

Not all Okta api endpoints support CORS. It’s basically only the primary authentication endpoints (/api/v1/authn), session endpoints (/api/v1/users/me) and oidc/oauth authorization endpoints (/api/oauth2/v1/authorize) that support CORS. (This is not an exhaustive list - there are others). Generally speaking the management apis - or those apis that require an api token - do not support CORS.

#3

Thanks for your reply :slight_smile: In such case, Could you please suggest an alternate approach to use that API endpoint? Basically i want to get all the apps for a particular user and build the dashboard dynamically listing all the apps assigned to current logged in user.