POST /oauth/revoke blocked by CORS policy

I’m trying to implement the Auth code flow with PKCE for SPA’s and I get the following error when trying to revoke a refresh token programatically from angular application:

“Http failure response for 0 Unknown Error”

Access to XMLHttpRequest at ‘’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

revoke url:
body: {client_id: “actual client id”, token: “actual refresh token”}
Link to API Documentation:

Hi @alegria.aclan,

Welcome to the Auth0 Community Forum!

Have you added http://localhost:4200 to the allowed origins field for your application?

Let me know.


Hi @dan.woda,

Yes, I I believe that is set. But, I still get the CORS error. :thinking:

Would DM me the name of your tenant and the first few chars of the client ID?


1 Like

Can you please DM me a HAR file so I can investigate further?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.