CORS issues with /authorize

Hi,
I am attempting to set up an auth0 integration with node.js backend and next.js frontend. The node backend uses the express-openid-connect library.

When encountering a logged-out user, the node server redirects the frontend to /authorize, which is rejected due to CORS policy.

Things I have tried:

CORS config:

I am using Universal Login, and I do not have a custom domain present in my tenant. This is a development environment only.

It seems like users have been having this problem for many years and it hasn’t been fixed: "API being blocked by CORS even though it's an allowed origin"

1 Like

Update: Due to lack of support on this issue I have migrated away from auth0. I encourage other users to do the same.

2 Likes

@yaacov I feel your pain. They just don’t give a sh*t, since Okta acquired them

Apologies for rehashing this but I feel like there should be a resolution here in case anyone else finds this, like me.

All modern browsers enforce the Same-Origin Policy (SOP), which means a web page served from one origin cannot freely make requests to a different origin unless the other origin allows it with Cross-Origin Resource Sharing (CORS) headers.

The solution is to delegate the call to your server. In my case in node.js express it was a simple matter of returning res.redirect("https://{domain}/authorize?..params"). Then on the client: window.location.href = "http://localhost:8080/my-api/authorize"

1 Like
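
The pattern from the last reply, as an added example that is not code from any poster or from express-openid-connect: the server decides how to answer a logged-out request so that only top-level navigations are ever redirected to /authorize, while fetch()/XHR calls get a 401 the client can act on. The domain, client ID, callback URL, the `respondLoggedOut` helper and the plain request object shape are assumptions for illustration.

```javascript
// Placeholders (assumptions, not values from the thread).
const AUTH0_DOMAIN = "tenant.example.com";
const CLIENT_ID = "CLIENT_ID_PLACEHOLDER";
const CALLBACK = "http://localhost:8080/callback";
const LOGIN_PATH = "/my-api/authorize"; // same-origin endpoint the client navigates to

// Build the /authorize URL on the server. `state` must be an unpredictable
// per-login value that the server stores and verifies on the callback.
function authorizeUrl(state) {
  const u = new URL(`https://${AUTH0_DOMAIN}/authorize`);
  u.search = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: CALLBACK,
    scope: "openid profile",
    state,
  }).toString();
  return u.toString();
}

// True for a page load (top-level navigation), false for fetch()/XHR.
// Sec-Fetch-Mode is sent by current browsers; Accept is the fallback.
function isNavigation(headers) {
  const mode = headers["sec-fetch-mode"];
  if (mode) return mode === "navigate";
  return (headers["accept"] || "").includes("text/html");
}

// Decide the response for a logged-out user. `req` is a plain
// { path, headers } object with lower-cased header names (hypothetical shape).
function respondLoggedOut(req, state) {
  const nav = isNavigation(req.headers);
  if (nav && req.path === LOGIN_PATH) {
    // The browser itself follows this redirect, so CORS does not apply.
    return { status: 302, headers: { Location: authorizeUrl(state) } };
  }
  if (nav) return { status: 302, headers: { Location: LOGIN_PATH } };
  // fetch()/XHR: a 302 to another origin would be followed inside the
  // request and blocked by CORS, so report the login endpoint instead.
  return {
    status: 401,
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ error: "login_required", login: LOGIN_PATH }),
  };
}
```

On a 401 with `login_required`, the client sets `window.location.href` to the returned `login` path instead of retrying the request.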