I’m trying to get Auth0’s API calling example to work, just in a simple Javascript page hosted on my site. I can login and get profile info through the Auth0 SDK, but when I try to GET api/v2/public, it complains that No ‘Access-Control-Allow-Origin’ header is present on the requested resource. I added my base domain to Allowed Web Origins in my client, which I thought was supposed to enable CORS and give me that header, but no dice. Any ideas?? Thanks!
The page I am trying to make work can be seen here. You can “ping” public and see it fail without needing to log in.
OK, I think the problem is that there is no “public” endpoint. May be related to the fact that the example seems geared towards Node.js even though I specified I’m just building a jQuery frontend.
api/userinfo is what I really needed, and that seems to work fine. I was just expecting to actually be able to get the example to work on its own first.
Alright, clearly I had this wrong all along. The Auth0 Quickstarts say “frontend,” but they have a Node.js backend, too, which is where I got confused. My requirements are very basic and I was hoping to skip the backend altogether, but I guess Auth0 is primarily designed to work with a backend (the “api/v2” API is only designed to work with a backend from what I can gather) so I guess I’ll have to set one up.
@UltimateWalrus that is correct that from a single page application you should not interact directly with the Management API. Authorized non interactive clients should get an access token for the API, and so yes this request should be done on the backend (shouldn’t be done directly in an SPA or a native app for that matter).