Issues with oktadeveloper/okta-vanilla-js-example

Hi all,

I am attempting a “Hello World” with Okta, I’m using the below sample code that I am attempting to use with Okta my sandbox account:

I am running the node service on a local Linux VM with IP address: on port 8080, the same Linux VM is serving files to the browser (index.html, main.js) on port 80.

I am presented with the Okta login, but my browser is throwing a CORS pre-flight error, wondering how I should be handling this. See attached screenshot:

Error text:

Failed to load Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘’ is therefore not allowed access.

So far, I have tried extending the nodejs service (index.js) with this express cors module:

with this: app.options(’*’, cors())

However, I am still getting the same error.

Appreciate any ideas or suggestions, thanks!

Update: I was able to bypass the cors issue by using a browser plugin.

Now, looking at the Okta system logs I can see that my login was successful, however I am now seeing this error on the console:

error.errorCode: error.errorCode: server_error, error.description: The requested feature is not enabled in this environment.

Could this be due to the fact that I have a trial sandbox account?

Is this on the authorize request? I would reach out to your account team to see if they can resolve for for you. More than likely, you are missing API Access Management features.

Thank you! I think that was the issue, I am not able to progress to a new error:

Failed to execute ‘postMessage’ on ‘DOMWindow’: The target origin provided (‘’) does not match the recipient window’s origin (‘’).

I may be able to address this one on my own now, I am serving the page from nginx (port 80) while the node.js service is running on (port 8080). I guess if I served the page from the node instance (port 8080) it would work?