I first send a non-logged in user to the Hosted Login page through auth0 which redirects them to http://mysite.com?code=123auth_123code. If a user is logged in, then I gather the authorization code and do the same redirect.
Once in my site, I attempt to gather the access token using the authorization code by asking https://mydomain.auth0.com/oauth/token. I then get the error “Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://mysite.com’ is therefore not allowed access.” I have added http://mysite.com to the client’s allowed callback URLs, allowed web origins, and allowed origins lists. The goal is to complete a implicit grant flow as described here https://auth0.com/docs/api-auth/tutorials/implicit-grant
I do not know what I am doing wrong. Is this because I am requesting the access code from an http domain instead of an https domain? Why is auth0 rejecting this cross domain call.