Okta CORS Issue? Works Incognito doesn't work outside of Incognito?


#1

Hi,

I’m hoping someone can help me figure out why I have a CORS issue for one of my URLs when I’m in Chrome. The odd thing is that the login works just fine when I open up an incognito browser and try the same login. See gif below for an example.

Here is the actual error:

I’m using the okta-auth-js library and have followed the instructions here. Code snippet for my login action is here:

    export const oktaLogin = (username, password) => {
      // Attempt to retrieve ID Token from Token Manager
      // Example: https://developer.okta.com/code/javascript/okta_auth_sdk
      return async (dispatch) => {
        try {
          let tokenResponse = await oktaClient.tokenManager.get("idToken");
          let idToken, oktaId;
          // Token comes back if not expired
          if (tokenResponse) {
            // Current token is still fine just reuse
            LOGGER.info(`Welcome back ${tokenResponse.claims.email}`);
            idToken = tokenResponse["idToken"];
            oktaId = tokenResponse.claims.sub;
          } else {
            dispatch({ type: types.RESET_AUTH });
            dispatch(auth_user_request());
            // Sign user in with okta
            let signIn = await oktaClient.signIn({ username, password });
            // TODO: Figure out if I should be setting this sessionToken
            // https://github.com/okta/okta-auth-js#sessionsetcookieandredirectsessiontoken-redirecturi
            // Get idToken from okta
            // oktaClient.session.setCookieAndRedirect(signIn.sessionToken)
            let tokenOrTokens = await oktaClient.token.getWithoutPrompt({
              sessionToken: signIn.sessionToken,
              responseType: ["id_token"],
              scopes: ["openid", "email", "profile"]
            });

            // Add token to axios
            tokenResponse = tokenOrTokens[0];
            idToken = tokenResponse["idToken"];
            oktaId = tokenResponse.claims.sub;
          }
          axios.defaults.headers.common["Authorization"] = idToken;

          // Get user
          let user = await dispatch(fetchLoginByOktaId(oktaId));
          let userId = user.user_id;

          let response = await fetchUserAccessAndGroups(userId);
          let routeData = processApprovedRoutes(
            response.access,
            response.protected
          );

          // Set up cookies
          cookies.set("token", idToken, { path: "/" });
          cookies.set("username", user.username.trim(), { path: "/" });

          // Add token to tokenManager
          oktaClient.tokenManager.add("idToken", tokenResponse);
          dispatch(auth_user_success(user, routeData, response.groups));
          dispatch(push("/"));
          return Promise.resolve("Successfully logged in");
        } catch (err) {
          LOGGER.error(err);
          dispatch(auth_user_error(err));
          return Promise.reject(err);
        }
      };
    };


#2

Update: This works fine on my phone as well without needing to have an incognito browser.