Fail to request access token from Auth0

I follow the test instruction to request a token from auth0 with jQUERY.


But I got the error message: Access to XMLHttpRequest at ‘https://xxx.auth0.com/oauth/token’ from origin ‘http://localhost:3000’ has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.

My application setting:


Please help me, I am struggling to request a token from Auth0.

Hello @zhujiajun62 welcome to the community!

Do you mind sharing the documentation you are working with?

What happens if you attempt to obtain a token using the same credentials using cURL?

Let us know!

Hi, tyf,
Thanks for the reply.
Here is my test code to request the token.

submitPost = (event) => {
    event.preventDefault();
    var settings = {
      "async": true,
      "crossDomain": true,
      "url": "https://dev-royzhu.us.auth0.com/oauth/token",
      "method": "POST",
      "headers": {
        "content-type": "application/json",
        "Access-Control-Allow-Origin": "http://localhost:3000/"
      },
      "data": "{\"client_id\":\"wRxxxxxxxxxxxxxxxxCG\",\"client_secret\":\"j4_xxxxxxxxxxWkCokt-dmrDlbwCxxxxxxxUUvLt_sO28W-ZP\",\"audience\":\"boardgameforum\",\"grant_type\":\"client_credentials\"}"
    }

    $.ajax(settings).done(function (response) {
      console.log(response);
    });
  }

With your suggestion, I edit the curl and send it, out but the result I got is “invalid JSON”.

If you need more information, please let me know.

1 Like

No problem, happy to help where I can!

I’m not seeing anything that stands out in your code aside from the extra header "Access-Control-Allow-Origin": "http://localhost:3000/" - What happens if you remove that?

Do you mind trying the curl that from our article on Getting Access Tokens? I’m just trying to rule out any issues with obtaining a token in and of itself - CORS can sometimes be a red herring of sorts.

Keep us posted!

Hi, tyf,

Thank you for your reply. It works after removing the headers.
But I have another question, right now, I have the token in respons[“access_token”], and I want to do another ajax and add the token to the header. However, I assign it to a var but it is a local var. Can you advise how to pass this token to another ajax request?

Thank you very much.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.