Cors error with the list users API

Questions
1

I’m trying to use the Users API to search for users. The problem is that i’m keep getting CORS errors, so went a step back and toke the example code of the Cors page of Okta https://developer.okta.com/docs/api/getting_started/enabling_cors

There is some example code

var baseUrl = 'https://{yourOktaDomain}';
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
    xhr.onerror = function() {
      alert('Invalid URL or Cross-Origin Request Blocked.  You must explicitly add this site (' + window.location.origin + ') to the list of allowed websites in the administrator UI');
    }
    xhr.onload = function() {
        alert(this.responseText);
    };
    xhr.open('GET', baseUrl + '/api/v1/users/me', true);
    xhr.withCredentials = true;
    xhr.send();
} else {
    alert("CORS is not supported for this browser!")
}

When using this, i’m getting back a result.

When changing it to the code below there will be a CORS error. The only line changed is xhr.open(‘GET’, baseUrl + ‘/api/v1/users/me’, true); to xhr.open(‘GET’, baseUrl + ‘/api/v1/users’, true);

var baseUrl = 'https://{yourOktaDomain}';
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
    xhr.onerror = function() {
        alert('Invalid URL or Cross-Origin Request Blocked.  You must explicitly add this site (' + window.location.origin + ') to the list of allowed websites in the administrator UI');
    }
    xhr.onload = function() {
        alert(this.responseText);
    };
    xhr.open('GET', baseUrl + '/api/v1/users', true);
    xhr.withCredentials = true;
    xhr.send();
} else {
    alert("CORS is not supported for this browser!")
}

The error is Failed to load https://{yourOktaDomain}/api/v1/users: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://test.com’ is therefore not allowed access.

2

Hey @roy!

The /api/v1/users endpoint doesn’t support CORS. The endpoints that are supported will be listed with a CORS icon/label.

What are you trying to do maybe we can suggest an alternative?

1 Like
3

Hi @bdemers,

That’s good to know. That clarifies a lot.

We like to make a internal search machine for employees on our intranet. With the new in early access List Users with Search functionality.

So we can search not only on name, but also on department or job title. If we don’t know the name of the person we need to contact.

And the use of javascript because of the AJAX functionality.

1 Like
4

Thanks for describing your use case @roy, that always helps us!!

In the short term you you would need to make the call from a custom backend service (Node, Java, etc) and then return that to your front end.

Keep us posted!

5

Thanks for the help.

We will do that.

6

Hi @bdemers

I need to call api/v1/user api from react. Do I need a backend server or is there any way to get it from React itself?

7

Like @bdemers, the endpoint doesn’t support CORS, thus you can only make this API call from a backend.

8

Thanks @andrea.

I am using okta developer account till we dont have actual configured okta account. Does okta developer account provides user api access or its available in Enterprise account only. If yes, Does it need configuration from developer okta account? Inside App, I have granted okta.users.manage scope. Anything else, I need to do

9

Yup, you can hit our APIs with a developer org. With a token granted okta.users.manage scope, you should be able to make a request to list users via Postman. Can you check if that works?

10

Yes, from postman its working.

11

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.