POST /oauth/revoke blocked by CORS policy

alegria.aclan · October 14, 2019, 1:56pm

I’m trying to implement the Auth code flow with PKCE for SPA’s and I get the following error when trying to revoke a refresh token programatically from angular application:

“Http failure response for https://alegria.auth0.com/oauth/revoke: 0 Unknown Error”

Access to XMLHttpRequest at ‘https://alegria.auth0.com/oauth/revoke’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

revoke url: https://alegria.auth0.com/oauth/revoke
body: {client_id: “actual client id”, token: “actual refresh token”}
Link to API Documentation: https://auth0.com/docs/api/authentication#revoke-refresh-token

dan.woda · October 15, 2019, 6:08pm

Hi @alegria.aclan,

Welcome to the Auth0 Community Forum!

Have you added http://localhost:4200 to the allowed origins field for your application?

Let me know.

Thanks,
Dan

alegria.aclan · October 16, 2019, 3:50pm

Hi @dan.woda,

Yes, I I believe that is set. But, I still get the CORS error.

dan.woda · October 16, 2019, 10:30pm

Would DM me the name of your tenant and the first few chars of the client ID?

Thanks,
Dan

dan.woda · October 18, 2019, 10:02pm

Can you please DM me a HAR file so I can investigate further?

dan.woda · November 2, 2019, 2:10am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.