CORS error with the users API

Hello,

I’m trying to check whether a record exists in Okta by calling https://${OKTA_API_URL}/api/v1/users?filter=${encodeURIComponent(`profile.login eq "${data.email}"`)}

with header parameters

Content-Type:application/json
Authorization:SSWS {{OKTA_TOKEN}}

It works as expected in Postman, but I get a CORS error in my SPA (React.js app).

Any resolution will be helpful.

Have you already set up CORS in your Okta Org? For example, origin URL ‘http://localhost:3000’

SSWS tokens are not intended to be used in SPAs, as any frontend call will expose the SSWS token. Instead, you should look into Okta 4 Okta to use more narrowly scoped tokens to make these calls on the front end, or proxy the necessary calls through a backend call that keeps the SSWS token hidden.

2 Likes
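
The backend-proxy option from the reply above, sketched as an added example that is not part of the original thread or Okta's own code. The environment variable names `OKTA_DOMAIN` and `OKTA_TOKEN`, the `/api/user-exists` route and port 3001 are assumptions; the SPA calls this route instead of Okta, so the SSWS token never reaches the browser.

```javascript
// Added example. Assumed names: OKTA_DOMAIN / OKTA_TOKEN env vars, the
// /api/user-exists route and port 3001. Needs Node 18+ for global fetch.
const EMAIL_RE = /^[^\s"\\@]+@[^\s"\\@]+$/;

// Build the Okta users query. Rejecting quotes, backslashes and whitespace
// keeps a caller-supplied value from changing the filter expression.
function buildUsersUrl(oktaDomain, email) {
  if (typeof email !== "string" || email.length > 254 || !EMAIL_RE.test(email)) {
    throw new RangeError("invalid email");
  }
  const filter = `profile.login eq "${email}"`;
  return `https://${oktaDomain}/api/v1/users?filter=${encodeURIComponent(filter)}`;
}

// Query Okta server-side and return only a boolean, so neither the token
// nor any profile data is sent back to the browser.
async function userExists(email, { oktaDomain, token, fetchImpl = fetch }) {
  const res = await fetchImpl(buildUsersUrl(oktaDomain, email), {
    headers: { Accept: "application/json", Authorization: `SSWS ${token}` },
  });
  if (!res.ok) throw new Error(`Okta returned HTTP ${res.status}`);
  const users = await res.json();
  return Array.isArray(users) && users.length > 0;
}

// Minimal HTTP wrapper: GET /api/user-exists?email=...
// Put this route behind the application's own session check (not shown),
// otherwise it answers "does this login exist?" for anyone who asks.
async function startProxy(port, cfg) {
  const http = await import("node:http");
  return http.createServer(async (req, res) => {
    let status = 200, body;
    try {
      const url = new URL(req.url, "http://localhost");
      if (req.method !== "GET" || url.pathname !== "/api/user-exists") status = 404;
      else body = { exists: await userExists(url.searchParams.get("email"), cfg) };
    } catch (err) {
      status = err instanceof RangeError ? 400 : 502; // bad input vs. upstream failure
    }
    res.writeHead(status, { "Content-Type": "application/json" });
    res.end(JSON.stringify(body ?? { error: status }));
  }).listen(port, "127.0.0.1");
}

// Starts only when both variables are set, e.g. from the server's environment.
if (process.env.OKTA_DOMAIN && process.env.OKTA_TOKEN) {
  startProxy(3001, { oktaDomain: process.env.OKTA_DOMAIN, token: process.env.OKTA_TOKEN });
}
```

Because the browser now talks only to this same-site route, no Okta CORS origin is needed for this call.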
