CORS error with /v1/authorize

subs · June 4, 2021, 2:42pm

Why am I getting a CORS error calling the /v1/authorize end point when I have added localhost to Trusted Origins? I only seem to be able to get this to work when I put the URL together with query params and call it directly in the browser.

const result = await axios({
       method: "Post",
       headers: {
           'Content-Type': 'text/plain',
           'Access-Control-Allow-Origin': '*'
       },
       url: 'https://dev-123456.okta.com/oauth2/v1/authorize',
       data: {
          client_id: 'client_id_added_here',
          response_type: 'id_token',
          scope: 'openid%20groups',
          redirect_uri: 'http://localhost:3000/auth',
          state: 'myState',
          nonce: 'myNonceValue'
       }
})

Security > API > Trusted Origins:

Cale · June 4, 2021, 2:48pm

Hi there. Calls to the /authorize need to be redirects, not AJAX calls. See the note in our docs:

Note: When making requests to the /authorize endpoint, the browser (user agent) should be redirected to the endpoint. You can’t use AJAX with this endpoint.

subs · June 4, 2021, 2:59pm

Thank you for the quick reply. I did read that; I just didn’t want to believe it. I appreciate you confirming it for me.

system · June 5, 2021, 3:00pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
I encountered a CORS error when attempting to call the token/authorize API in Angular, even after adding it to the trusted origin. However, the login functionality is working properly OAuth/OIDC angular	7	2637	February 15, 2024
Cors error with axios API	3	4606	March 27, 2024
CORS Error for endpoint "api/v1/apps" Questions	3	4689	February 6, 2019
Authorization with OKTA fails due to CORS (Access-Control-Allow-Origin) Questions	4	6743	January 19, 2024
Blocked by CORS policy when redirect to /authorize Questions dotnet	11	18971	February 10, 2024

CORS error with /v1/authorize

Related topics