Problems with okta & cors in kubernetes

advii · January 5, 2021, 11:24pm

I’ve got an Angular app connecting to a Spring boot API and both are protected by okta with the means of the same "application. It works properly locally, it also works if I run my angular and spring boot docker containers locally but I have problems on my remote kubernetes.

I can login to okta with my angular (frontend) app, I can also login to my spring boot (backend app). I can retrieve data from the backend api by entering the right REST address in the browser. But when I try to access the backend from frontend, I get the following error:

Access to XMLHttpRequest at 'https://dev-933944.okta.com/oauth2/default/v1/authorize?response_type=code&client_id=0oa213871t9STk5R8357&scope=openid%20profile%20email&state=hjJmBYKm8qjNiIK_hOshBWcsO8KQTNYpPS1NIiMupWs%3D&redirect_uri=https://backend-svc-dxfkonrad.cloud.okteto.net/login/oauth2/code/okta&nonce=NSHty47EoLbXyCh7zkiXWt3jEDcZIQo0yTg_XVcYp1M' (redirected from 'https://backend-svc-dxfkonrad.cloud.okteto.net/follow-me/tracks') from origin 'https://frontend-svc-dxfkonrad.cloud.okteto.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Both the localhost and the kubernetes frontend app addresses are entered in the allowedOrigins in the backend app.
Anybody had such a problem? As I said, it works locally.
Thank you in advance
Konrad

gpadma · January 7, 2021, 7:17pm

Hi @advii,

Could you let us know how you are accessing /authorize ?
As mentioned in the doc, when making requests to the /authorize endpoint, the browser (user agent) should be redirected to the endpoint. You can’t use AJAX with this endpoint.

advii · January 7, 2021, 10:43pm

Hi,
not sure what would be the answer to this question:/
in my okta application in okta console I have the following settngs:
Client acting on behalf of a user

x Authorization Code

Refresh Token

x Implicit (Hybrid)

x Allow ID Token with implicit grant type

x Allow Access Token with implicit grant type

Login redirect URIs 

http://localhost:8080/login/oauth2/code/okta	
https://oidcdebugger.com/debug	
http://localhost:4200/redirect	
http://localhost:4200/implicit/callback	
https://frontend.cloud.okteto.net/login/oauth2/code/okta	
https://frontend.cloud.okteto.net/redirect	
https://frontend.cloud.okteto.net/implicit/callback	
https://backend.cloud.okteto.net/login/oauth2/code/okta	

Logout redirect URIs 

http://localhost:4200	
https://frontend.cloud.okteto.net/	

Login initiated by App Only

Initiate login URI http://localhost:8080/login/oauth2/code/okta

As of the angular frontend app I have just used the standard okta angular package and my setup looks like this:

const oktaConfig = {
  issuer: 'https://dev-....okta.com/oauth2/default',
  redirectUri: window.location.origin + '/implicit/callback',
  clientId: '...',
  pkce: false
};

As I said, it works on localhost with both docker and without docker.

gpadma · January 11, 2021, 10:03pm

@advii Would you be able to email developers@okta.com with the details to troubleshoot further ?

system · January 26, 2024, 5:59pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
CORS problem with Angular and Spring Questions	7	5048	April 6, 2022
Access okta-protected spring boot microservice from Angular Questions	14	4847	February 8, 2024
CORS problem with Okta, Angular and Spring Questions spring , angular	3	7661	May 5, 2020
First attempt to expose my Angular + Spring Boot in Kubernetes Questions angular	6	4963	December 31, 2020
CORS error when using Okta OIDC with Vue.js and Spring boot on same port Questions	1	3577	January 27, 2024

Problems with okta & cors in kubernetes

Related topics