CORS Issue /oauth/revoke blocked by CORS policy

Hi, i have the same issue as described here:

I have an Angular project and use the oidc-client library.

Login just works fine, when calling this.userManager.signoutRedirect() on logout I get the following error:

Access to XMLHttpRequest at 'https://neuwirth.eu.auth0.com/oauth/revoke' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

locolhost is set under allowed CORS in the auth0 application.

Thank your very much for your advice.

1 Like

I fixed the issue by adding the correct configuration object:

// post_logout_redirect_uri: ${environment.CLIENT_ROOT}/signout,
metadata: {
issuer: https://${environment.STS_AUTHORITY}/,
authorization_endpoint: https://${environment.STS_AUTHORITY}/authorize?audience=${environment.STS_CUSTOM_SCOPE},
jwks_uri: https://${environment.STS_AUTHORITY}/.well-known/jwks.json,
token_endpoint: https://${environment.STS_AUTHORITY}/oauth/token,
userinfo_endpoint: https://${environment.STS_AUTHORITY}/userinfo,
end_session_endpoint: https://${environment.STS_AUTHORITY}/v2/logout?client_id=${ environment.STS_CLIENT_ID }&returnTo=${encodeURI(environment.CLIENT_ROOT + '/signout')},
}

1 Like

Thanks for posting your solution!

hi @ChristopherNeuwirth, I’m having the same issue.

Would you mind explaining what exactly the change is and how to apply it? I’m trying to fin where to configure the “configuration object” in my Auth0 tenant’s UI

Cheers

1 Like

Hi Hoang,
I am using the oidc library. Currently I don’t have access to a computer but if you check the lib docs at GitHub and have a look at my branch you maybe get an idea of the configuration object I am referencing to: https://github.com/ChristopherNeuwirth/prototype-starter/blob/OpenIDConnect-Integration/ui/src/app/core/auth.service.ts
I hope this helps.
Greetings.

1 Like

Thanks @ChristopherNeuwirth for the help!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.