CORS error on Amplify signInWithRedirect flow

Hey, I’m using Auth0 with Cognito/Amplify. I configured Amplify with my Auth0 oauth tenant, and when triggering signInWithRedirect(), I can log in successfully with my Auth0 account. However, returning to the callback page I get a CORS error on ‘xxx.auth0DOTcom/oauth2/token’.

I added the origin site (which is a localhost address) on the Application allowed origins/cors input (also to allowed web origins, callback url etc).

What could be the issue?

Hello,
The CORS error happens because your Amplify setup is likely trying to call token directly from the browser, which is blocked by CORS.

To fix this:

Use Cognito Hosted UI for the federated login flow, not Auth0 directly.

In your Amplify config, make sure oauth.domain points to Cognito’s domain (not Auth0’s), and use responseType: ‘code’.

This way, Cognito handles the token exchange server-side, avoiding CORS issues.

Hope thats helps.

Best Regard,
Nipo

Thanks for the explanation!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.