CORS issue despite I added correct URL in Allowed CORS ( origin )


I’m trying to login user directly using the following API:


Request body:

client_id: ‘’,
audience: ‘’
username: ‘’
password: ‘123456’
realm: ‘Username-Password-Authentication’

And everything works as expected if I’m calling above endpoint and making POST request using POSTMAN.

But trough an SPA ( Angular ) application I’m getting the CORS issue.

What I am doing in an Angular application is simply making the same POST request as I am doing trough POSTMAN.

I know that I have to add Allowed Origins (CORS) so I did that in Application that corresponds to client_id that I’m sending in POST request.

Any ideas what I’m missing or doing wrong?



I am not sure you will be able to use the ROPG type for a single page app (we recommend that you do not). This may be causing the error. Can you look at your auth0 logs to see what it says?

If you send me your tenant name, and a HAR file via a DM I can look into it.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.