I’m trying to implement Auth0 authentication locally in a web app.
I have a backend service in node (with express) and a frontend service in VueJs.
I implemented the backend according to the instructions, so now if an endpoint requires authentication, I get a 302 code and redirected to the login screen.
However, when I call the endpoint from the frontend, the redirect is blocked by the browser with this error:
Access to XMLHttpRequest at ‘https://dev-o9cp8xf8.us.auth0.com/authorize?client_id=…&scope=openid%20profile%20email&response_type=id_token&redirect_uri=https%3A%2F%2Flocalhost%3A9090%2Fcallback&response_mode=form_post&nonce=…’ (redirected from ‘https://localhost:9090/api/no-auth/login’) from origin ‘https://localhost:9090’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
To my understanding, it’s not possible to prevent the redirect and do it manually.
I configured my endpoints in “Allowed Web Origins” and “Allowed Origins (CORS)” to no avail.
Can someone see what I’m doing wrong?