Wordpress CORS issue after push sent to phone

I have the Okta/WP plugin working. I have set everything up, including CORS as was recommended in the few guides I could find. However, I am getting a CORS error after the push notification is sent. Everything works up until that last step. The notification is sent to my phone and I click Yes. Then (in the console) the login page shows a CORS error.

Again, I setup CORS properly (it blocks the initial step if not setup) and have everything else working. On the Okta side I do not see any error logs or anything.

Any help would be appreciated as this is something I really want to get done.

What URL is encountering the CORS error?


Is that the site where the plugin is being loaded, or is that the URL that you see in the CORS error? Might be easier if you can share a screenshot of the error you see in the developer console so we can check who is throwing the error (Okta side? WP? etc)

Sorry for the short reply - pretty useless :slight_smile:

I’ve attached 2 screenshots. One is of my settings. The other is of the error I get. Again, it occurs after I click “Yes it’s me” on my phone and I get the green success message (on my phone).

To me it looks like it’s on the Okta side. I’ve tested it on a few other URLs and still get the same error in the end.

The Issuer URI is incorrect. Remove /v1/authorize and retry

If I remove /v1/authorize (it’s now: https://dev-87647795.okta.com/oauth2/default) I get a new console error:

I had this error before and when I did some internet digging it told me to add /v1/authorize…guess that’s not the solution :slight_smile:

It looks like the /authorize call may be succeeding, but the /token call is failing

At least this time its a valid endpoint, but you’re getting a 401. What type of application did you make in Okta/what type of client authentication does it have? Is it a Web app with a Client Secret, or is it a SPA or Native app with PKCE? If its not a SPA with PKCE, can you make a new app that is a SPA with PKCE and use that Client ID in the config instead?

Thank you so much!!!

I’ve been pounding my head against a wall for a week.

For clarity, the solution is to create the app that is a SPA with PKCE

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.