Auth0 Home Blog Docs

CORS issue on silent authentication

Hi There,

I’m using Vue with the Nuxt framework and the corresponding Auth module with the Auth0 provider. I’m not using any of the auth0 JS (SPA) libraries, but if i need any to fix the issue i will happily use one. Auth0 is configured as SPA and I’m using the Universal Login on a Auth0 domain (so not a custom / my own domain). Locally, the domain I’m using is https:// localhost.

I’m trying to implement silent authentication. A GET request is made to the /auth URL:

  const url = new URL(<domain>auth0.com/authorize)
  url.searchParams.append('client_id', <my_client_id>)
  url.searchParams.append('redirect_uri', <my_callback_uri>)
  url.searchParams.append('response_type', 'token')
  url.searchParams.append('prompt', 'none')
  url.searchParams.append('response_mode', 'web_message')
  $axios
    .get(url)
    .then(res => console.error('res', res))
    .catch(err => console.error('err', err))

In the Auth0 log, I see a Successful silent authentication. Unfortunately, I cannot fetch the result as my browser gives me the all known CORS error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://<domain>.auth0.com/authorize?client_id=<client_id>&redirect_uri=<callback_uri>&response_type=token&prompt=none&response_mode=web_message. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)

In my Auth0 App settings, I’ve added https:// localhost to my Allowed Web Origins and Allowed Origins (CORS)

I’ve read the page on CORS authentication, which advises me to use the Universal Login. If I’m correct, this is not applicable if for silent authentication?

How should i tackle this? Do i need a cross origin verification page? Will that work for local domains as well? Or do I need to make use of a specific function from an Auth0 JS library to tackle this?

Regards.

Hi @darthf1

Welcome to the Auth0 Community Forum!

I think this may be a browser issue. Check out this thread:

Let me know if that is not it.

Thanks,
Dan

Hi @dan.woda, thanks for your reply. Unfortunately it’s not the described issue; if i change my domain from https://localhost to something else, i get the same result.

Btw I’m mainly using Firefox, but error is also on other browsers.

Another user has reported this same issue when using some of our older Auth0.js and Lock libraries. It was fixed by upgrading to the current versions. Since it sounds like you are not using either, switching to a library could solve it.

If you want to try this without a full migration, then you could try one of the quickstarts (takes 5-10 mins to setup) to confirm it is not related to your domain or browser.

Hey, @dan.woda, it seems that CORS error is actually coming from a HTTP request and not using any Auth0.js or Lock libraries. How can it be fixed by upgrading to the current version? Which library do we need to make a HTTP request?
I am getting the same CORS error and struggling to get rid of it.

I added mode: 'no-cors', and was able to get rid of the cors error I was getting.

1 Like

Hey there @dynosapp!

Dan is out of office but stoked to hear that you figured it out!

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.