/v1/token No 'Access-Control-Allow-Origin' Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Jed KayJed Kay 

/v1/token No 'Access-Control-Allow-Origin'

Using the authorization code flow, I've managed to get the Auth-Code using the "v1/authorize" endpoint and that works great! but now I'm stuck trying to get the access token, the POST to "/v1/token" just throws CORS errors. I know that the endpoint doesn't support CORS because it doesn't have a "CORS" thingy on it in the documentation, but that doesn't that help me. Aren't all calls for a token going to be cross domain? What am I doing wrong?
This is the error I get:
XMLHttpRequest cannot load https://dev-00000.oktapreview.com/oauth2/aaaaa00000/v1/token. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:5555' is therefore not allowed access.
Its either the OPTIONS preflight, or the POST method that throws the error, but no matter what combination of headers and parameters I try I keep getting this error. I have already added "http://localhost:5555" to my trusted domains. Removing all headers only puts the error onto the POST method. I'm using Angular 2, here is my calling code: 
let headers = new Headers();  
headers.append('Content-Type', 'application/x-www-form-urlencoded'); headers.append('Authorization', `Basic ${this.client_details}`); let body = `grant_type=authorization_code`     + '&' + `redirect_uri=${this.redirect_uri}`     + '&' + `code=${auth_code}`; console.log("BODY:", body); this._http.post(`${this.authServer}/token`, body, { headers: headers, responseType: 1 } ).subscribe
Any ideas?
Thanks in advance :)
Taylor WellsTaylor Wells (Okta, Inc.)
I am checking with our developer support team to look into this for you.