I’m currently working on implementing an OAuth flow that involves calling a POST API at http://localhost:3000/authenticate/email, which subsequently triggers res.idc.login(). However, I’m encountering a CORS error when the request redirects to Auth0 at https://dev-1nyx62hlgk6gdsyg.us.auth0.com/authorize with the necessary parameters for authentication, including the client ID, scopes, response type, and redirect URI. I’ve already added several entries to the allowed web origins in Auth0 settings, including http://localhost:3000, http://localhost:3000/authenticate/email, http://localhost:3000/api/logout, http://localhost:3000/login, and http://localhost:3000/callback. Despite these settings, the CORS error persists. I’m wondering if there’s an additional configuration or URL that needs to be whitelisted to resolve this issue.
Hi @kallurict,
Welcome to the Auth0 Community!
I understand that you are seeing a CORS error after a redirect - I believe you may be running into one of the issues mentioned in this Community Article: CORS error when initiating silent auth requests
Could you please review that article, and check how the redirection is being made by your application? The user’s browser should be navigating to the /authorize URL and not a Javacscript fetch/request.
If you are still having issues, some code snippets of how your application is triggering the redirect would be helpful for further troubleshooting.
Best,
Mary Beth