CORS issue in Auth0

ianrussel · December 8, 2017, 4:23pm

I need to get users by calling the Auth0 API, but it doesnt work though,

Here is my code

getAllUsers () {
                const url = 'https://ian.auth0.com/api/v2/users'
                const fucks = `Bearer ${getAccessToken()}`
                console.log(fucks, 'fucks is fucks')
                const headers = {
                    headers: {
                        'Authorization': `Bearer ${getAccessToken()}`,
                       // 'Access-Control-Allow-Origin': '*',
                        //'Content-Type': 'application/json'
                    }
                }
                this.axios.get(url, {
                    withCredentials: true,
                    params: {
                        q: 'email.raw:"ian@yahoo.com"',
                        search_engine: 'v2'
                    },
                    //crossdomain: true,
                    headers
                })
                .then((response) => {
                    console.log(response, 'is response')
                })
                .catch((err) => {
                    console.log(err.toString(), 'err to string')
                })
            }

Already added
http://localhost:8081
In CORS section in my Auth0 settings

The access tokens is correct. Any other Ideas for this? Already tried Chrome Extention for temporary fix, but still doesnt work. Any Idea?
Here is the error

Response to preflight request doesn't pass access control check: No 'Access-Control-

jmangelo · December 11, 2017, 7:22pm

As a disclaimer, the following won’t technically address the issue in question, however, I do think there is something else that we should focus instead. The endpoint listed is part of the Auth0 Management API and is only meant to be called by client applications that are considered as confidential clients per OAuth 2.0 rules.

In particular, the access token required to call that endpoint requires a client credentials grant to be performed which is unavailable for a browser-based client application because the client credentials could not be securely maintained. With this in mind, the CORS issue you’re currently facing would be mostly a non-issue as the requirement for having a confidential client application would also take any CORS limitation out of the equation. You may want to update your question with additional context on why you need to call the management API from a client application that has CORS limitation as to my knowledge that would only be that case of non-confidential client application.

Topic		Replies	Views
Using API in react to update/delete/create/get users? Help auth0 , api	12	7322	July 25, 2019
Cross origin with login credentials is not working Help login	2	3311	September 4, 2019
Problem when running API Quickstart (CORS?) Help	4	3361	July 25, 2019
CORS issue on /oauth/token request Help cors , token-endpoint	5	8687	September 3, 2019
Auth0 cors error coming auth0/token api even after adding my domain in allowed cors origin Help access_token	2	3302	March 24, 2022

CORS issue in Auth0

Related Topics