Auth0 Home Blog Docs

CORS issue using /authorize endpoint

cors
authorize-endpoint

#1

I’m using angular2 app. Have been following the api documentation https://auth0.com/docs/api/authentication , singup, password change, custom login all work fine, except the social login progiders. I’m specifically using the Social authentication, google and facebook. From angular app I’m calling /authorize end point and I’m getting below error message

XMLHttpRequest cannot load https://rmo.auth0.com/authorize?response_type=token&client_id=8Dw3J3HkPK247AcLEO0fpSLBuyIvKAlv&connection=facebook&state=rmo-social-auth-csrf-token. Redirect from ‘https://rmo.auth0.com/authorize?response_type=token&client_id=8Dw3J3HkPK247AcLEO0fpSLBuyIvKAlv&connection=facebook&state=rmo-social-auth-csrf-token’ to ‘https://www.facebook.com/dialog/oauth?response_type=code&redirect_uri=https…callback&state=ckuE1ECsJ2C19K78cLiF8j8LHtdfnOiS&client_id=1876559642565417’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:5555’ is therefore not allowed access.

Here is my angular2 code

let url = ‘https://rmo.auth0.com/authorize?response_type=token&client_id=’ + Config.auth0ClientID +
’&connection=’ + providerType + ‘&state=rmo-social-auth-csrf-token’;

return this.http.get(url)
.map(this.extractData)
.catch(this.handleError);

following the link https://auth0.com/forum/t/cors-with-authorization-endpoint/4389 I tried to navigate to the URL instead of making an http call as above, but still I get the same exact error message.

NOTE: if I use the lock0 js methods as below, social provider works fine. I have enabled my end points in CORS section of auth0 dashboard. So issue is not at on google side.

this.auth.login({
connection: providerType,
redirect: true,
popupOptions: {
width: 450,
height: 600
}
}));


#2

This is not an Auth0 issue, but rather the behaviour in Chrome, where Chrome does not support localhost to go through the Access-Control-Allow-Origin. Please see the following post for details:
https://stackoverflow.com/questions/28547288/no-access-control-allow-origin-header-is-present-on-the-requested-resource-err


#3