JS Auth SDK Trusted Origins Prerequisite


I am developing an Angular 1.5 SPA using v2.0.1 of the okta-auth-js library. I have been fighting with issues with Okta API 404s related to the sessions being blocked as 3rd party cookies by our organization. I have looked through every forum post regarding similar issues and came upon the following in the documentation for the JavaScript Okta Auth SDK, under the Prerequisites section:

  • An entry in your Org’s “Trusted Origins” for your application. To do this, follow the steps found under the “Trusted Origins tab” section in our API Security help page.

Following the link to the API Security help page:

All cross-origin web requests and redirects from Okta to your organization’s websites must be explicitly whitelisted.

If Okta servers are not explicitly whitelisted, what would be the consequences (this isn’t specified)?

Much thanks

Hi @mbpastore

If your app’s hostname is not whitelisted under Trusted Origins, the browser will automatically block the requests to Okta due to the inexistence of the Access-Control-Allow-Origin header.
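The behaviour described in the reply above, as an added example that is not part of the original thread and is not Okta's code: a small model of a server that emits CORS headers only for allowlisted origins, and of the browser-side check that then accepts or blocks the response. The origins, the `trustedOrigins` set and the function names are constructed for illustration.

```javascript
// Constructed model of the CORS exchange; not Okta's implementation.
// Hypothetical allowlist standing in for the org's Trusted Origins entries.
const trustedOrigins = new Set(['https://app.example.com']);

// Server side: emit CORS headers only when the Origin is on the allowlist.
function corsHeadersFor(requestOrigin) {
  if (!trustedOrigins.has(requestOrigin)) return {}; // no Access-Control-Allow-Origin
  return {
    'access-control-allow-origin': requestOrigin,
    'access-control-allow-credentials': 'true', // needed for cookie-bearing calls
    'vary': 'Origin',
  };
}

// Browser side: simplified form of the Fetch standard's CORS check.
function browserAllows(pageOrigin, headers, withCredentials) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { ok: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  if (!withCredentials && allowOrigin === '*') {
    return { ok: true, reason: 'wildcard, no credentials' };
  }
  if (allowOrigin !== pageOrigin) {
    // Also covers "*" on a credentialed request: the wildcard is not honoured.
    return { ok: false, reason: 'origin mismatch' };
  }
  if (withCredentials && headers['access-control-allow-credentials'] !== 'true') {
    return { ok: false, reason: 'credentials not allowed' };
  }
  return { ok: true, reason: 'origin matches' };
}

// One round trip: the page at pageOrigin calls the API with cookies attached.
function simulate(pageOrigin, withCredentials = true) {
  return browserAllows(pageOrigin, corsHeadersFor(pageOrigin), withCredentials);
}

console.log(simulate('https://app.example.com'));   // allowlisted origin
console.log(simulate('https://other.example.org')); // origin not on the allowlist
```

In the failing case the browser withholds the response from the page's script and reports a CORS error in the console.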