When trying to disable the legacy lock API we see the following output in logs:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://domain.auth0.com/user/ssodata/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
There was an error fetching the SSO data. This could simply mean that there was a problem with the network. But, if a “Origin” error has been logged before this warning, please add “http://localhost:8080” to the “Allowed Origins (CORS)” list in the Auth0 dashboard: …
The http://localhost:8080 domain is definitely within the textarea next to the Allowed Origins (CORS) option.
I’m wondering if this is a problem with the error message, or if there is some way that we can further debug this?
I had same issue and this fixed it - basically, use webAuth.passwordlessLogin instead of webAuth.passwordlessVerify. Not sure if it applies in your case.
" @vantechstudio were you able to solve your issue? For others seeing this, we should be able to use webAuth.passwordlessLogin instead of webAuth.passwordlessVerify and that should fix this issue moving forward."
One thing was in my case I was directly calling passwordlessVerify instead of passwordlessLogin. From that code it looks like it should not have mattered, so I’ll need to check again to see where I was in the troubleshooting process when it helped. I seem to remember that it was the last thing that finally got it all going again.
Also - as for the CORS stuff, does the textbox you’re referring to gave the label “Allowed Web Origins”?
Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.
Wanted to reach out to know if you still require further assistance?