Hi @hashizumes
Thanks for providing the error. The widget does a CORS request to /api/v1/authn endpoint to authenticate the user. This requires your web server to be added in Okta under Admin >> Security >> API >> Trusted Origins. (or Admin >> API >> Trusted Origins) if using the admin developer console interface.
Based on the error, I see that you are using a local file in the browser. Can you please add this file on a web server (either public or localhost), add the hostname inside the Trusted Origins section with both CORS and Redirect options enabled and then try again?