/v1/token No 'Access-Control-Allow-Origin'
https://support.okta.com/help/answers?id=9062a000000bmcxqaq&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
Jed Kay

/v1/token No 'Access-Control-Allow-Origin'

Using the authorization code flow, I've managed to get the Auth-Code using the "v1/authorize" endpoint and that works great! But now I'm stuck trying to get the access token; the POST to "/v1/token" just throws CORS errors. I know that the endpoint doesn't support CORS because it doesn't have a "CORS" thingy on it in the documentation, but that doesn't help me. Aren't all calls for a token going to be cross domain? What am I doing wrong?
This is the error I get:
XMLHttpRequest cannot load https://dev-00000.oktapreview.com/oauth2/aaaaa00000/v1/token. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:5555' is therefore not allowed access.
It's either the OPTIONS preflight, or the POST method that throws the error, but no matter what combination of headers and parameters I try I keep getting this error. I have already added "http://localhost:5555" to my trusted domains. Removing all headers only puts the error onto the POST method. I'm using Angular 2, here is my calling code:
let headers = new Headers();
headers.append('Content-Type', 'application/x-www-form-urlencoded');
headers.append('Authorization', `Basic ${this.client_details}`);
let body = `grant_type=authorization_code`
    + '&' + `redirect_uri=${this.redirect_uri}`
    + '&' + `code=${auth_code}`;
console.log("BODY:", body);
this._http.post(`${this.authServer}/token`, body, { headers: headers, responseType: 1 } ).subscribe
Any ideas?
Thanks in advance :)
Taylor Wells (Okta, Inc.)
I am checking with our developer support team to look into this for you.
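An added example, not part of the original thread and not Okta's code: one common way to sidestep the browser preflight in the question is to do the code-for-token exchange from a backend, which also keeps the Basic credentials out of the Angular bundle. The issuer URL reuses the placeholder from the error message above; `buildTokenRequest`, `exchangeCode`, and the client ID/secret values are hypothetical, and Node 18+ is assumed for the global `fetch`.

```javascript
// Added example (not from the thread): server-side authorization-code exchange.
// Assumes Node 18+ (global fetch, URLSearchParams, Buffer). Names are hypothetical.

// Build the POST to the token endpoint. Kept separate from the network call so
// the exact request can be inspected and tested offline.
function buildTokenRequest({ issuer, clientId, clientSecret, code, redirectUri }) {
  // URLSearchParams percent-encodes each value; hand-concatenating the body
  // leaves ':' and '/' in redirect_uri unencoded.
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    redirect_uri: redirectUri,
    code,
  }).toString();

  // HTTP Basic client authentication: base64(client_id:client_secret).
  // Base64 is reversible, so this header must only ever be built on the server.
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');

  return {
    url: `${issuer.replace(/\/+$/, '')}/v1/token`,
    options: {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        Accept: 'application/json',
        Authorization: `Basic ${basic}`,
      },
      body,
    },
  };
}

// Perform the exchange from the backend. No CORS preflight occurs here because
// the same-origin policy is enforced by browsers, not by server-side clients.
async function exchangeCode(params) {
  const { url, options } = buildTokenRequest(params);
  const res = await fetch(url, options);
  if (!res.ok) {
    // Surface the status only; never log the request, it carries the secret.
    throw new Error(`token endpoint returned HTTP ${res.status}`);
  }
  return res.json();
}
```

The browser app would send the `code` it received on the redirect to a route on this backend, which calls `exchangeCode` and holds the resulting tokens server-side.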