We’ve configured an application and an Okta integration to support the device authorization grant, as described here.
I added 2 Trusted Origins for our servers, which are https://www.spsandiford.work/ and http://10.0.0.67:8080. However, we are getting this CORS error when POSTing to the device/authorize endpoint:
“No Access-Control-Allow-Origin header is present on the requested resource”.
We confirmed that this CORS is header is sent for other APIs, for example oauth/…/token.
While researching this problem, I found the following information:
"The Okta API supports CORS on an API by API basis. If you’re building an application that needs CORS, please check that the specific operation supports CORS for your use case. APIs that support CORS are marked with the following icon: CORS. "
Since this is a new API that is not formally documented yet, I can’t see whether CORS is supported for this API. Please advise whether CORS is supported. We will need CORS for our application to work.