I am pretty new to using Okta and perhaps I am missing something. I’ve used the Okta example for Vue and implemented a very simple application that is supposed to authenticate with Okta. I am sure that I have seen it working a few days back.
However, today when I tried to do the authentication I started to receive the following message in the console:
Access to XMLHttpRequest at 'https://******.okta.com/oauth2/default/v1/keys' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
My trusted origins are set, and the token POST request returns the proper Access-Control… however, the GET keys request is missing the whole header.
If you access the endpoint /oauth2/default/v1/keys in the browser, do you receive a 200 response with the signing keys?
Also, if you run this example, does it display the signing keys?
<script>
  var url = 'https://yourDomainHere.okta.com/oauth2/default/v1/keys';
  var xhr = new XMLHttpRequest();
  // "withCredentials" is only present on XHR objects that support CORS
  if ("withCredentials" in xhr) {
    // Fires on network errors and when the browser blocks the cross-origin response
    xhr.onerror = function() {
      console.log('Invalid URL or Cross-Origin Request Blocked. You must explicitly add this site (' + window.location.origin + ') to the list of allowed websites in the administrator UI');
    };
    // Fires when the response was readable; prints the signing keys (JWKS)
    xhr.onload = function() {
      console.log(this.responseText);
    };
    xhr.open('GET', url, true);
    xhr.send();
  } else {
    console.log("CORS is not supported for this browser!");
  }
</script>
Thanks for answering. Yes, I was receiving a 200 response. However, after your response I went again to check the console and noticed that for some reason the keys are being served from the cache. Clearing the browser cache resolved the problem.
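One way to tell the cached-response case resolved above apart from a real Trusted Origins problem, as an added example that is not part of the thread and not Okta's code: it requests the keys endpoint once with the default cache mode and once with `cache: 'no-store'`, which bypasses the browser's HTTP cache. The names `diagnoseKeysFetch` and `tryFetch`, the verdict strings and the injectable `fetchImpl` parameter are assumptions made for illustration.

```javascript
// Added example (hypothetical helper names): compare a possibly-cached request
// with one that is forced to the network, to see whether the CORS error comes
// from a stale cached copy of /v1/keys or from the server's current response.

async function tryFetch(url, cacheMode, fetchImpl) {
  try {
    const res = await fetchImpl(url, { method: 'GET', mode: 'cors', cache: cacheMode });
    const body = await res.json();
    // A JWKS document carries its signing keys in a "keys" array.
    return { ok: res.ok && Array.isArray(body.keys), error: null };
  } catch (err) {
    // fetch() rejects with a TypeError when CORS blocks the response
    // or when the network request itself fails.
    return { ok: false, error: err.message };
  }
}

async function diagnoseKeysFetch(url, fetchImpl = globalThis.fetch) {
  // 'default' may be answered from the browser's HTTP cache.
  const cached = await tryFetch(url, 'default', fetchImpl);
  // 'no-store' neither reads from nor writes to the HTTP cache.
  const fresh = await tryFetch(url, 'no-store', fetchImpl);

  let verdict;
  if (cached.ok && fresh.ok) {
    verdict = 'ok';
  } else if (!cached.ok && fresh.ok) {
    // Only the cached copy is unreadable: clear the cache, as in the thread.
    verdict = 'stale-cache';
  } else {
    // Even a fresh response is blocked: check Trusted Origins and the URL.
    verdict = 'blocked-or-unreachable';
  }
  return { verdict, cached, fresh };
}

// Browser console usage, with the placeholder domain used earlier in the thread:
// diagnoseKeysFetch('https://yourDomainHere.okta.com/oauth2/default/v1/keys')
//   .then(r => console.log(r.verdict, r));
```

A `stale-cache` verdict matches the situation reported in the last reply; `blocked-or-unreachable` means clearing the cache will not help.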