Blocked by CORS policy : mfa/authenticators

khushbu · December 17, 2025, 10:54am

Hi team,

We are calling the list all authenticators api and facing the following error:

Access to fetch at ‘https://highbeam-staging.us.auth0.com/mfa/authenticators’ from origin ‘http://localhost:3000’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

listAuthenticators: {
  queryKey: ["listAuthenticators"],
  queryFn: async () => {
    const mfaToken = await getMfaToken();
    return auth0Api
      .get<AuthenticatorRep[]>("mfa/authenticators", {
        headers: {
          Authorization: `Bearer ${mfaToken}`,
        },
      })
      .json();
  },
},

The code has correct mfa token as well.

The same was working earlier from the frontend. We are wondering if anything changed in last one month at auth0’s end?

How can we get it to work again from FE?

Topic		Replies	Views
Auth0 MFA enrollement API from front-end getting CORS error Get Help mfa-enrollments	0	1398	January 27, 2023
Auth0 cors error coming auth0/token api even after adding my domain in allowed cors origin Get Help access_token	2	3368	March 24, 2022
Error "The mfa_token provided is invalid. Try getting a new token." Get Help mfa , phone-factor	6	106	May 21, 2025
CORS issue in Auth0 Get Help cors , access-control-allow	2	5937	March 2, 2018
Https://localhost:44362' has been blocked by CORS policy: Get Help apis , application	0	235	April 16, 2024

Blocked by CORS policy : mfa/authenticators

Related topics