But I got the error message: Access to XMLHttpRequest at ‘https://xxx.auth0.com/oauth/token’ from origin ‘http://localhost:3000’ has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.
I’m not seeing anything that stands out in your code aside from the extra header "Access-Control-Allow-Origin": "http://localhost:3000/" - What happens if you remove that?
Do you mind trying the curl that from our article on Getting Access Tokens? I’m just trying to rule out any issues with obtaining a token in and of itself - CORS can sometimes be a red herring of sorts.
Thank you for your reply. It works after removing the headers.
But I have another question, right now, I have the token in respons[“access_token”], and I want to do another ajax and add the token to the header. However, I assign it to a var but it is a local var. Can you advise how to pass this token to another ajax request?