Cors error with the list users API

I’m trying to use the Users API to search for users. The problem is that i’m keep getting CORS errors, so went a step back and toke the example code of the Cors page of Okta https://developer.okta.com/docs/api/getting_started/enabling_cors

There is some example code

var baseUrl = 'https://{yourOktaDomain}';
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
    xhr.onerror = function() {
      alert('Invalid URL or Cross-Origin Request Blocked.  You must explicitly add this site (' + window.location.origin + ') to the list of allowed websites in the administrator UI');
    }
    xhr.onload = function() {
        alert(this.responseText);
    };
    xhr.open('GET', baseUrl + '/api/v1/users/me', true);
    xhr.withCredentials = true;
    xhr.send();
} else {
    alert("CORS is not supported for this browser!")
}

When using this, i’m getting back a result.

When changing it to the code below there will be a CORS error. The only line changed is xhr.open(‘GET’, baseUrl + ‘/api/v1/users/me’, true); to xhr.open(‘GET’, baseUrl + ‘/api/v1/users’, true);

var baseUrl = 'https://{yourOktaDomain}';
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
    xhr.onerror = function() {
        alert('Invalid URL or Cross-Origin Request Blocked.  You must explicitly add this site (' + window.location.origin + ') to the list of allowed websites in the administrator UI');
    }
    xhr.onload = function() {
        alert(this.responseText);
    };
    xhr.open('GET', baseUrl + '/api/v1/users', true);
    xhr.withCredentials = true;
    xhr.send();
} else {
    alert("CORS is not supported for this browser!")
}

The error is Failed to load https://{yourOktaDomain}/api/v1/users: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://test.com’ is therefore not allowed access.

Hey @roy!

The /api/v1/users endpoint doesn’t support CORS. The endpoints that are supported will be listed with a CORS icon/label.

What are you trying to do maybe we can suggest an alternative?

Hi @bdemers,

That’s good to know. That clarifies a lot.

We like to make a internal search machine for employees on our intranet. With the new in early access List Users with Search functionality.

So we can search not only on name, but also on department or job title. If we don’t know the name of the person we need to contact.

And the use of javascript because of the AJAX functionality.

1 Like

Thanks for describing your use case @roy, that always helps us!!

In the short term you you would need to make the call from a custom backend service (Node, Java, etc) and then return that to your front end.

Keep us posted!

Thanks for the help.

We will do that.