CORS Error when submitting login

Hello,

I am using a javascript widget to connect to the OKTA provider. The Okta team of my company provided me the xml file where I got the Issuer, ClientId, and BaseUrl values.

I tried this widget with a Single-Page Application which I configured in this Okta Developer Portal and it worked successfully.

const oktaSignIn = new OktaSignIn({
logo: ‘/images/LogoForSPA.png’,
baseUrl: “https://xxxxxxx.okta.com”,
redirectUri: “http://xxx-xxxxxxx:6500”,
clientId: “xxxxxxxxxxxxxx”,
authParams: {
issuer: “https://xxxxxxx.okta.com
}
});

BUT when I replaced the configuration values using our company’s provider xml information (I am talking about a legacy application I need to integrate with Okta login), I am getting the CORS error below:

Access to fetch at ‘https://xxxxx.okta.com/api/v1/authn’ from origin ‘http://xxx-xxxxxxx:6500’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

Does somebody experience this issue before? Any hint or clue about what should I take care? Causes?

Thanks you in advance.

hey there! I assume you have the origin added as a trusted origin in your Okta dashboard?

1 Like

Yes and no tyty! When I created my testing Single-Page Application I got similar cors error, and the error was gone after I added it as trusted origin. Unfortunately, I cannot access our Okta provider configuration by myself to review the legacy app configuration. So, I was looking for any clue or extra information before getting our provider help (I created a ticket for them). Thank you.

1 Like

Ok good to know! I would definitely start there as CORS errors can be a bit of a red herring so ruling that out first is a good idea :grinning:

1 Like

Thank you tyty. I will include in my check list :slight_smile:

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.