I’m having an issue using the Okta Sign-in widget. I have a proof of concept where I am getting an browser error that says:
Failed to load https://dev-586182.oktapreview.com/oauth2/v1/authorize?client_id=0...client-SKU=ID_NET451&x-client-ver=5.2.0.0: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:62114’ is therefore not allowed access.
I have configured http://localhost:62114 and http://localhost:62114/ as trusted origins for the API. The odd thing to me is that if I use the redirect flow (as opposed to the widget), it works fine.
I have also tested with the okta-aspnetcode-mvc-example code and that seems to work fine.
Any thoughts would be appreciated. This is my configuration for the widget:
<script type="text/javascript">
const signIn = new OktaSignIn({
/**/
baseUrl: 'https://dev-586182.oktapreview.com/'
/**/
});
signIn.renderEl({ el: '#widget' }, (res) => {
var sessionTokenField = $("#hiddenSessionTokenField");
sessionTokenField.val(res.session.token);
var form = sessionTokenField.parent();
form.submit();
}, (err) => {
console.error(err);
});
</script>
Hi @cmthomps,
Have you followed all the steps recommended by our quickstarts?
Do you have in your widget configuration the following params:
var oktaSignIn = new OktaSignIn({
baseUrl: "https://dotnet.oktapreview.com",
clientId: "{clientId}",
authParams: {
issuer: "https://dotnet.oktapreview.com/oauth2/default",
responseType: ['token', 'id_token'],
display: 'page'
}
});
I am basing my proof of concept on this example: https://github.com/oktadeveloper/okta-aspnetcore-mvc-example
When I run that example, it works fine. When I run my proof of concept, I get the cors error.
Hey @cmthomps,
Unfortunately, that example is outdated.
Please, take a look at our new examples repo for ASP.NET:
https://github.com/okta/samples-aspnetcore
https://github.com/okta/samples-aspnet
Let me know how it goes after trying with these.
I don’t think those examples use the sign on widget.
If you go to the resource-server example, there is a list of our front-end sample applications (Vue, React, and Angular) to demonstrate the interaction with the resource server.
For example, if you go to the React repo, you will see a custom-login example which uses the widget.
If you want to use the plain js widget, then try with the next configuration:
var oktaSignIn = new OktaSignIn({
baseUrl: "https://dev-586182.oktapreview.com/",
clientId: "{clientId}",
authParams: {
issuer: "https://dev-586182.oktapreview.com/oauth2/default",
responseType: ['token', 'id_token'],
display: 'page'
}
});
You can see the full configuration/example in the https://developer.okta.com/quickstart/#/widget/dotnet/aspnetcore.
Also, in the widget repo you can find a lot of examples.
If you have set the right URL as your trusted origin, it should work. Double check that you have the right one.
I am curious about how is your project structure? ASP.NET Core web API + front-end?
Thanks, I’m working on a ASP.NET MVC project (not a Single Page App (SPA)). The examples all seem to be more geared to a Angular type of implementation. The example I had posted in my original message is closest to what I’m trying to do.
OK, so what you want to do is using a custom login page (using the widget) instead of the okta-hosted login page in your asp.net mvc project?
if that is the case, then you want to see this example: https://github.com/okta/samples-aspnetcore/tree/master/self-hosted-login
