I am using Okta in production and suddenly it stopped working. Authentication API (‘https://mydomain.oktapreview.com/api/v1/authn’) seems to be working fine but Keys API (https://mydomain.oktapreview.com/oauth2/default/v1/keys) is not working and breaking the application. The strange part is I didn’t make any changes in the application (no update/new deployment). I am getting the CORS error :
Access to XMLHttpRequest at 'https://mydomain.oktapreview.com/oauth2/default/v1/keys' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
Its a single page application and I am using “@okta/okta-auth-js”: “^2.0.1” sdk.