Cors error with the list users API

roy · June 29, 2018, 1:47pm

I’m trying to use the Users API to search for users. The problem is that i’m keep getting CORS errors, so went a step back and toke the example code of the Cors page of Okta https://developer.okta.com/docs/api/getting_started/enabling_cors

There is some example code

var baseUrl = 'https://{yourOktaDomain}';
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
    xhr.onerror = function() {
      alert('Invalid URL or Cross-Origin Request Blocked.  You must explicitly add this site (' + window.location.origin + ') to the list of allowed websites in the administrator UI');
    }
    xhr.onload = function() {
        alert(this.responseText);
    };
    xhr.open('GET', baseUrl + '/api/v1/users/me', true);
    xhr.withCredentials = true;
    xhr.send();
} else {
    alert("CORS is not supported for this browser!")
}

When using this, i’m getting back a result.

When changing it to the code below there will be a CORS error. The only line changed is xhr.open(‘GET’, baseUrl + ‘/api/v1/users/me’, true); to xhr.open(‘GET’, baseUrl + ‘/api/v1/users’, true);

var baseUrl = 'https://{yourOktaDomain}';
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
    xhr.onerror = function() {
        alert('Invalid URL or Cross-Origin Request Blocked.  You must explicitly add this site (' + window.location.origin + ') to the list of allowed websites in the administrator UI');
    }
    xhr.onload = function() {
        alert(this.responseText);
    };
    xhr.open('GET', baseUrl + '/api/v1/users', true);
    xhr.withCredentials = true;
    xhr.send();
} else {
    alert("CORS is not supported for this browser!")
}

The error is Failed to load https://{yourOktaDomain}/api/v1/users: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://test.com’ is therefore not allowed access.

bdemers · June 29, 2018, 2:26pm

Hey @roy!

The /api/v1/users endpoint doesn’t support CORS. The endpoints that are supported will be listed with a CORS icon/label.

What are you trying to do maybe we can suggest an alternative?

roy · July 2, 2018, 6:51am

Hi @bdemers,

That’s good to know. That clarifies a lot.

We like to make a internal search machine for employees on our intranet. With the new in early access List Users with Search functionality.

So we can search not only on name, but also on department or job title. If we don’t know the name of the person we need to contact.

And the use of javascript because of the AJAX functionality.

bdemers · July 2, 2018, 1:35pm

Thanks for describing your use case @roy, that always helps us!!

In the short term you you would need to make the call from a custom backend service (Node, Java, etc) and then return that to your front end.

Keep us posted!

roy · July 2, 2018, 2:22pm

Thanks for the help.

We will do that.

SmitaSKumari · June 13, 2022, 12:14pm

Hi @bdemers

I need to call api/v1/user api from react. Do I need a backend server or is there any way to get it from React itself?

andrea · June 13, 2022, 3:18pm

Like @bdemers, the endpoint doesn’t support CORS, thus you can only make this API call from a backend.

SmitaSKumari · June 14, 2022, 9:55am

Thanks @andrea.

I am using okta developer account till we dont have actual configured okta account. Does okta developer account provides user api access or its available in Enterprise account only. If yes, Does it need configuration from developer okta account? Inside App, I have granted okta.users.manage scope. Anything else, I need to do

andrea · June 14, 2022, 11:33pm

Yup, you can hit our APIs with a developer org. With a token granted okta.users.manage scope, you should be able to make a request to list users via Postman. Can you check if that works?

SmitaSKumari · June 16, 2022, 7:03am

Yes, from postman its working.

system · February 12, 2024, 9:13pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.