I’m following the docs on using refresh tokens. But I’m getting the following error:
Access to XMLHttpRequest at 'https://dev-domain.us.auth0.com/oauth/token' from origin 'https://www.stuffdb.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Here is my code:
```typescript
import axios from 'axios';

async function refreshToken(refresh_token: string) {
  try {
    const AUTH_URL = `${checked(
      process.env.NEXT_PUBLIC_AUTH0_ISSUER_BASE_URL
    )}/oauth/token`;
    const { data } = await axios.post<RefreshInfo>(
      AUTH_URL,
      new URLSearchParams({
        grant_type: 'refresh_token',
        client_id: checked(process.env.NEXT_PUBLIC_AUTH0_CLIENT_ID),
        client_secret: checked(process.env.NEXT_PUBLIC_AUTH0_CLIENT_SECRET),
        refresh_token: refresh_token,
      }),
      {
        headers: {
          'content-type': 'application/x-www-form-urlencoded',
        },
      }
    );
    return data;
  } catch (error) {
    if (axios.isAxiosError(error)) {
      console.error('error message: ', error.message);
      // 👇️ error: AxiosError<any, any>
    } else {
      console.error('unexpected error: ', error);
    }
    return {} as RefreshInfo;
  }
}
```
Here are my settings for allowed URLs:
Here are my grant types:
Can someone please tell me what I’m missing?
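
The posted function reads the client secret from a `NEXT_PUBLIC_` variable, which Next.js inlines into the JavaScript shipped to the browser. The following is an added example, not the poster's code and not from the Auth0 docs: the same refresh-token request built on the server (for instance in an API route), where the browser's CORS policy is not involved and the secret stays out of the bundle. The un-prefixed variable names and the helper names are assumptions.

```typescript
// Added example, server-side only. Variable names without the NEXT_PUBLIC_
// prefix and all helper names are assumptions, not from the original post.
type Env = Record<string, string | undefined>;
type TokenRequest = { url: string; method: 'POST'; headers: Record<string, string>; body: string };
// Minimal fetch shape, injected so the block needs no DOM or Node typings.
type TokenResponse = { ok: boolean; status: number; json(): Promise<unknown> };
type FetchLike = (url: string, init: Omit<TokenRequest, 'url'>) => Promise<TokenResponse>;

function required(env: Env, name: string): string {
  const value = env[name];
  if (!value) throw new Error(`missing environment variable ${name}`);
  return value;
}

function buildRefreshRequest(env: Env, refreshToken: string): TokenRequest {
  // Next.js inlines NEXT_PUBLIC_* values into client JavaScript, so a secret
  // under that prefix is readable by every visitor. Refuse to run with one set.
  const exposed = Object.keys(env).filter(
    (k) => k.startsWith('NEXT_PUBLIC_') && /SECRET/i.test(k) && env[k]
  );
  if (exposed.length > 0) {
    throw new Error(`secret exposed to the browser: ${exposed.join(', ')}`);
  }
  const form: Record<string, string> = {
    grant_type: 'refresh_token',
    client_id: required(env, 'AUTH0_CLIENT_ID'),
    client_secret: required(env, 'AUTH0_CLIENT_SECRET'),
    refresh_token: refreshToken,
  };
  const body = Object.keys(form)
    .map((k) => `${encodeURIComponent(k)}=${encodeURIComponent(form[k])}`)
    .join('&');
  const base = required(env, 'AUTH0_ISSUER_BASE_URL').replace(/\/+$/, '');
  return {
    url: `${base}/oauth/token`,
    method: 'POST',
    headers: { 'content-type': 'application/x-www-form-urlencoded' },
    body,
  };
}

// On the server, call as refreshOnServer(process.env, token, fetch).
async function refreshOnServer(env: Env, refreshToken: string, fetchImpl: FetchLike) {
  const { url, ...init } = buildRefreshRequest(env, refreshToken);
  const res = await fetchImpl(url, init);
  if (!res.ok) throw new Error(`token endpoint returned HTTP ${res.status}`);
  return res.json();
}
```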