CORS issues with /authorize

Help
, ,
1

Hi,
I am attempting to set up an auth0 integration with node.js backend and next.js frontend. The node backend uses the express-openid-connect library.

When encountering a logged-out user, the node server redirects the frontend to /authorize’, which is rejected due to CORS policy.

Screen Shot 2022-09-15 at 2.20.50 PM
Screen Shot 2022-09-15 at 2.20.50 PM954×228 123 KB

Things I have tried:

CORS config:

Screen Shot 2022-09-16 at 9.26.56 AM
Screen Shot 2022-09-16 at 9.26.56 AM1176×1228 108 KB

I am using Universal Login, and I do not have a custom domain present in my tenant. This is a development environment only.

It seems like users have been having this problem for many years and it hasn’t been fixed API being blocked by CORS even though it's an allowed origin

1 Like
2

Update: Due to lack of support on this issue I have migrated away from auth0. I encourage other users to do the same.

3 Likes
3

@yaacov I feel your pain. They just don’t give a sh*t, since Okta acquired them

4

Apologies for rehashing this but I feel like there should be a resolution here in case anyone else finds this, like me.

All modern browsers enforce the Same-Origin Policy (SOP), which means a web page served from one origin cannot freely make requests to a different origin unless the other origin allows it with Cross-Origin Resource Sharing (CORS) headers.

The solution is to delegate the call to your server. In my case in node.js express it was a simple matter of returning res.redirect(“https://{domain}/authorize?..params”). Then on the client: window.location.href = “http://localhost:8080/my-api/authorize

2 Likes
5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.