In terms of settings, the most important one to focus on would be the web_origins one, which appears configured correctly. I’m aware of at least one issue with an endpoint that due to a bug was not allowing CORS when it should not depending on tenant configuration. You should update your question with the endpoints that are triggering the CORS error so that further troubleshooting can be done.
Also, a tenant was created a month back and that works fine. This is a newly created tenant. And does not work.
Thanks for the reply. Do you need any more information?
Your help will be appreciated.
I am also facing the same problem. Any tenant created recently is not allowing cross origin. The ones created a while ago (approx. one month) are working fine. I just verified this using Fiddler: Access-Control-Allow-Origin is not there in the response headers. @jmangelo is this an issue you guys are aware of?
I am also having the same problem. I created a new tenant (bzdb) and added “http://localhost:3000” to all the proper spots in the client settings like I do every time, and CORS is failing on all endpoints:
Thinking that maybe something is just wrong with this tenant, I changed my UI configuration to talk to one of my old tenants and everything works just fine. I checked to ensure that both tenant clients are configured exactly the same.
So then I made another tenant (bz-tourney-db) and tried again. And again I am getting CORS issues with these URLs:
We have the same issue. Seems our new tenant is having issues, but our old ones are working perfectly fine.
Endpoint:
GET https://{TENANT}.eu.auth0.com/user/ssodata/ → status: 404
Warning in console:
“There was an error fetching the SSO data. This could simply mean that there was a problem with the network. But, if a “Origin” error has been logged before this warning, please add “{URL}” to the “Allowed Origins (CORS)” list in the Auth0 dashboard: {URL}”
The same issue.
I can’t make POST request to /oauth/token.
I got an issue with CORS origin, but in the client settings I added the allowed web origins.
I noticed that Auth0 doesn’t return the Access-Control-Allow-Origin header.
Does somebody know how to fix it?
Hi all - I just went through the same issue. I had to create a ticket with Auth0 and ask them to fully enable deprecated tenant features. New tenants (as of late last year I believe) are created with them disabled.
We’re continually improving the security of our service. As part of this, we are deprecating a set of APIs (/usernamepassword/login, /ssodata, tokeninfo, /delegation) used by Lock.js v8, v9, and v10 and auth0.js v6, v7, and v8. You should update your applications by April 1, 2018.
Currently, new tenants don’t have the ability to use older versions of Lock in embedded form and they also don’t have access to old legacy grant flows. This is one of the possible causes of the CORS error that you’re noticing.
If you decide you need to continue using embedded login, here are the migration guides for Auth0.js 9 and Lock 11.
Please take into consideration that the Hosted Login Page is currently the only way to implement Passwordless authentication on native platforms, as explained here
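As an added example (not part of the thread and not Auth0 code), the sketch below triages a failed cross-origin request from values copied out of the browser's network tab. It separates a missing Access-Control-Allow-Origin header on one of the deprecated endpoints named above from an ordinary allow-list problem. The function names, verdict labels and sample tenant host are assumptions made for illustration.

```javascript
// Added example. Endpoint names come from the deprecation notice quoted in the
// thread; function names, verdict labels and sample data are constructed.
const DEPRECATED = ["/usernamepassword/login", "/ssodata", "/tokeninfo", "/delegation"];

// True when the request path ends in one of the deprecated endpoint names,
// e.g. /user/ssodata/ as reported in the thread.
function isDeprecatedEndpoint(url) {
  const path = new URL(url).pathname.replace(/\/+$/, ""); // drop trailing slashes
  return DEPRECATED.some((p) => path.endsWith(p));
}

// response: { url, status, headers } as seen in the network tab.
// pageOrigin: origin of the page making the call, e.g. "http://localhost:3000".
// withCredentials: whether the request was sent in credentials mode.
function triageCors(response, pageOrigin, withCredentials = false) {
  // Header names are case-insensitive, so normalise before lookup.
  const headers = {};
  for (const [k, v] of Object.entries(response.headers)) headers[k.toLowerCase()] = v;
  const acao = headers["access-control-allow-origin"];
  const origin = new URL(pageOrigin).origin; // strips any path or trailing slash

  if (acao === undefined) {
    // No CORS header at all: on a deprecated endpoint, check whether the tenant
    // has legacy features enabled before revisiting the allowed-origins lists.
    return isDeprecatedEndpoint(response.url) ? "deprecated-endpoint" : "missing-acao";
  }
  // Browsers reject a wildcard for credentialed requests.
  if (acao === "*") return withCredentials ? "wildcard-with-credentials" : "cors-ok";
  return acao === origin ? "cors-ok" : "origin-mismatch";
}

// Constructed sample mirroring the 404 on /user/ssodata/ reported above.
const sample = {
  url: "https://example-tenant.eu.auth0.com/user/ssodata/",
  status: 404,
  headers: {},
};
console.log(triageCors(sample, "http://localhost:3000"));
```

A `deprecated-endpoint` verdict points at the tenant's legacy-feature setting or an SDK upgrade, while `missing-acao` and `origin-mismatch` point back at the client's allowed-origins configuration.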