POST /oauth/revoke blocked by CORS policy

I’m trying to implement the Auth code flow with PKCE for SPA’s and I get the following error when trying to revoke a refresh token programatically from angular application:

“Http failure response for https://alegria.auth0.com/oauth/revoke: 0 Unknown Error”

Access to XMLHttpRequest at ‘https://alegria.auth0.com/oauth/revoke’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

revoke url: https://alegria.auth0.com/oauth/revoke
body: {client_id: “actual client id”, token: “actual refresh token”}
Link to API Documentation: https://auth0.com/docs/api/authentication#revoke-refresh-token

Hi @alegria.aclan,

Welcome to the Auth0 Community Forum!

Have you added http://localhost:4200 to the allowed origins field for your application?

Let me know.

Thanks,
Dan

Hi @dan.woda,

Yes, I I believe that is set. But, I still get the CORS error. :thinking:

Would DM me the name of your tenant and the first few chars of the client ID?

Thanks,
Dan

1 Like

Can you please DM me a HAR file so I can investigate further?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.