CORS error with the users API


I’m trying to check whether a record exists in OKTA by calling https://${OKTA_API_URL}/api/v1/users?filter=${encodeURIComponent(profile.login eq “${}”)}

with header parameters

Authorization:SSWS {{OKTA_TOKEN}}

It is working as expected in Postman, but I’m getting a CORS error in my SPA (React.js app).

Any resolution will be helpful.

Have you already set up CORS in your Okta Org? For example, the origin URL ‘http://localhost:3000’.

SSWS tokens are not intended to be used in SPAs, as any frontend call will expose the SSWS token. Instead, you should look into Okta 4 Okta to use more narrowly scoped tokens to make these calls on the front end, or proxy the necessary calls through a backend call that keeps the SSWS token hidden.

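The backend-proxy option from the reply above, sketched as an added example that is not part of the original thread or Okta's own code: the server holds the SSWS token, calls the users endpoint from the question, and returns only a boolean to the SPA. The function names, the config fields (oktaDomain, apiToken, fetchImpl) and the 100-character login cap are assumptions made for illustration.

```javascript
// Added example. Assumed names (not from the thread): buildLookupUrl, userExists,
// handleLookup, and the config fields oktaDomain / apiToken / fetchImpl.
const ALLOWED_ORIGIN = 'http://localhost:3000'; // SPA origin mentioned in the thread

class InvalidLogin extends Error {}

// Build the Users API query from the thread. Quotes, backslashes and control
// characters are rejected so the caller cannot change the filter expression.
// The length cap of 100 is an assumed limit for this example.
function buildLookupUrl(oktaDomain, login) {
  if (typeof login !== 'string' || login.length === 0 || login.length > 100 ||
      /["\\\u0000-\u001f]/.test(login)) {
    throw new InvalidLogin('invalid login');
  }
  const filter = `profile.login eq "${login}"`;
  return `https://${oktaDomain}/api/v1/users?filter=${encodeURIComponent(filter)}`;
}

// Runs on the server only: the SSWS token is read from server-side config
// (for example an environment variable) and is never sent to the browser.
async function userExists(login, { oktaDomain, apiToken, fetchImpl = fetch }) {
  const res = await fetchImpl(buildLookupUrl(oktaDomain, login), {
    headers: { Authorization: `SSWS ${apiToken}`, Accept: 'application/json' },
  });
  if (!res.ok) throw new Error(`Okta lookup failed with status ${res.status}`);
  const users = await res.json();
  return Array.isArray(users) && users.length > 0;
}

// Framework-neutral handler: takes the request's Origin header and the login
// to look up, returns what the route should send. In a real app, authenticate
// the caller first so the endpoint is not an open "does this user exist" oracle.
async function handleLookup({ origin, login }, config) {
  const headers = { 'Content-Type': 'application/json', Vary: 'Origin' };
  if (origin !== ALLOWED_ORIGIN) {
    return { status: 403, headers, body: { error: 'origin not allowed' } };
  }
  headers['Access-Control-Allow-Origin'] = ALLOWED_ORIGIN;
  try {
    // Only a boolean goes back to the SPA, not the Okta user objects.
    return { status: 200, headers, body: { exists: await userExists(login, config) } };
  } catch (err) {
    if (err instanceof InvalidLogin) {
      return { status: 400, headers, body: { error: 'invalid login' } };
    }
    return { status: 502, headers, body: { error: 'lookup failed' } };
  }
}
```

The SPA then calls its own backend route instead of the Okta API, so the browser never sees the Authorization header.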