Intermittent CORS 401 on token request

We capture user sessions and are seeing multiple instances of 401 errors, and finally managed to replicate locally and get more information. Here’s the error message we’re seeing:

Failed to load resource: the server responded with a status of 401 ()
main.cc1f3730e8f97b935bc8.bundle.js:2 ServerError: Response not successful: Received status code 401
    at t.throwServerError (npm.apollo.e827d4c1dd736c63e8b6.bundle.js:1:93277)
    at npm.apollo.e827d4c1dd736c63e8b6.bundle.js:1:87549
(anonymous) @ main.cc1f3730e8f97b935bc8.bundle.js:2
overview:1 Access to XMLHttpRequest at 'https://redacted.us.auth0.com/oauth/token' from origin 'https://redacted.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This doesn’t happen very often, so I feel confident it’s not a configuration issue. https://redacted.com is included in Allowed Callback URLs, Allowed Logout URLs, Allowed Web Origins, and Allowed Origins (CORS).

I also feel confident it’s not a token refresh issue; I’ve set token expiration to a shorter duration and witnessed the refresh process working just fine.

Hi @kenzie,

Welcome to the Auth0 Community!

Do you have an example of the exact request that is causing this error?