Getting CORS error when refreshing token from localhost

Hi, I’m trying to refresh my token from my SPA application that is running on localhost. I kept gettting an error saying :

Access to XMLHttpRequest at [… token endpoint… ] from origin [… localhsot …] has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Even though I added my localhost:port in Okta configuration (Trusted Origins), still it’s not allowing the connection. I would like to ask if there is something I’m missing. Any thougths?

Whats the full path to the token endpoint being hit (excluding your domain, I mean)? Is it the token endpoint for the same server that was originally used to get the refresh token?

Hi Andrea,

Here is the URL path where send the request to oauth2/default/v1/token. It’s the same one we use to get the initial token.

I hope this helps.