CORS Policy denying fetch but I am in trusted origins

So I have some code here I am using to find out which groups a certain user is in. I already have fetched the user info, I did the same process for requesting group info but I continue getting a CORS denied error every time. Here’s the code:

//Checks what groups the user is currently a member of.
fetch(“”, {
method: “GET”,
headers: {
Authorization: SSWS ${accessToken},
redirectUri: ‘http://localost’,
Accept: ‘application/json’,
ContentType: ‘application/json’
.then(response => {
if (!response.ok) {
throw new Error("HTTP error " + response.status);
return response.json();
.then(groups => {
// Store each group in a separate constant
groups.forEach(group => {
const groupName =;
window[groupName] = group;

                            // Check which groups contain the email
                            const groupsContainingUsername = groups.filter(group => {

                            console.log(`Groups of which you are a member:`);
                        .catch(error => {

Here is the exact error I get:

Access to fetch at ‘’ from origin ‘http://localhost’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

The Groups endpoint is not CORS enabled. You can tell which Management endpoints are CORS enabled by looking for the CORS tag, see the tag for /Users here. So you won’t be able to call this endpoint client-side.

More details can be found here as well.

Would storing group membership information in a groups claim be sufficient for your use case?

1 Like

Thanks Andrea! So, how would I got about accessing which groups the user is in?

Groups claim is one way to go about it. Since you already seem to be grabbing an Access Token for the user to get their user profile information (so I presume this token is returned via Auth Code or Implicit flow), you can also set-up a Groups claim for the OIDC app in question and retrieve their group membership information from the Userinfo endpoint.

Definitely check out the guide I linked to above and see if this would work well for you.