CORS error with the users API

malay.digital · December 25, 2020, 6:44am

Hello,

I’m trying to connect to get if there is any record exists in OKTA by calling https://${OKTA_API_URL}/api/v1/users?filter=${encodeURIComponent(profile.login eq “${data.email}”)}

with header parameters

Content-Type:application/json
Authorization:SSWS {{OKTA_TOKEN}}

It is working expected in postman, but having CORS in my SPA (React.js app)

Any resolution will be helpful.

erik · December 28, 2020, 10:24pm

Have you already setup CORS in your Okta Org? For example origin URL ‘http://localhost:3000’

BrettRitter · December 28, 2020, 10:33pm

SWSS tokens are not intended to be used in SPAs, as any frontend call will expose the SWSS token. Instead, you should look into Okta 4 Okta to use more narrowly scoped tokens to make these calls on the front end, or proxy the necessary calls through a backend call that keeps the SWSS token hidden.