Hello, I’m creating a SPA using pure javascript. I’m curious the recommended way to get user profile data from Okta? I would like the complete profile and not just the email. Because I have a pure javascript application, I am using the Okta Sign-in widget. Once they have logged in I store the access token, which I believe is a Bearer token.
I am trying to use this token to call the “oauth2/default/v1/userinfo” endpoint. However, I am getting Cors errors, even though I have all of my set properly in my Okta trusted origins. I’m assuming this is because this endpoint does not support Cors?
I then tried to call the " /api/v1/users/me" to get the users profile. However, I am unable to call this API with the Bearer token returned by the sign-in widget.
How do I trade in my bearer token for an API token, so I can call the “api/v1/users/me”? Keep in mind this is a pure javascript app so I can not store a client secret anywhere?
Or am I taking the wrong approach? Is there an easier way to get the profile data in a pure javascript app?