I came a long way make my application working on localhost. My tech stack is:
- Okta Widget
- Code auth flow with PKCE
Everything worked perfect while running locally on localhost:4200 but after I hosted this application on real hosting (www.mycompany.com/login) it stopped working. I can see the Okta Widget but after providing my credentials I see an error in the console. It won’t event ask me for the SMS code.
Access to fetch at 'https://COMPANY.okta.com/api/v1/authn' from origin 'https://COMPANY.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.