CORS Error with Okta React Sample – What Am I Missing?

Hello, everyone!

I’m currently working on understanding SSO and have tried running the example found here: GitHub - okta-samples/okta-react-sample: React + Okta.

I managed to get the React frontend working, but I’m encountering an issue. When I click ‘login’, I receive the following error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://dev-09774240-admin/oauth2/default/.well-known/openid-configuration. (Reason: CORS request did not succeed). Status code: (null).

Here is how I have configured Okta:

  • Application Type: OIDC - OpenID Connect
  • Application Type: Single-Page Application
  • Sign-in Redirect URIs: http:// localhost:3000/login/callback
  • Sign-out Redirect URIs: http:// localhost:3000

Could anyone help me troubleshoot this CORS issue?

Thanks!

To use Okta with your application running on localhost (assuming you are running locally for this testing), you need to add your localhost URL (e.g., http://localhost:4000) to the “Trusted Origins” list in your Okta Admin Console.

Navigate to Security > API > Trusted Origins, click “Add Origin”, enter your localhost URL, select “CORS” as the Type, and save.

This allows your local development environment to interact with Okta APIs properly.

Thank you, @SitaRam !

I have added http://localhost:3000/ and http://localhost:3000. Also set the type to CORS and Redirect, but it still didn’t work.

The error appears when I call this function inside Home.jsx:

const login = async () => {
  await oktaAuth.signInWithRedirect(); // this line throws errors //
};

Thanks!!

Try updating your ISSUER value to https://dev-09774240.okta.com/oauth2/default (removing -admin and adding the missing .okta.com). Does it still fail?

I noticed your Sign-in and Sign-out redirect URIs have extra space in between http:// and localhost:3000. Maybe it is just a copy/paste error or a typo.
Can you check if you have that space in an actual config?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.