00u3dd3b93qJteb9z0h1.5269400983564487E12 (Customer) asked a question.
I am getting below CORS error when i am redirecting user from our server to OKTA /authorize end point to generate code which will be used later in exchange of accessToken/IdToken for user.
Look like browser is triggering Option call before redirecting as a security measure and complaining about CORS header missing in okta response.
Access to XMLHttpRequest at 'https://xyz/authorize?client_id=123&response_type=code&response_mode=query&scode=openid%2Bprofile&redirect_uri=abc%2Ftoken&state=seamless&nonce=abc' (redirected from 'http://localhost:4503/xyz) from origin 'http://localhost:4503' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Does anyone know how to deal with this issue ?
Edit: localhost:4503 is whitelisted under API --> trusted origin -->CORS but still CORS error
Hello,
We require an ID token issued by Okta by the same authorization server that is being used in order to logout the user. The ID token is linked to the user's current session.
-due to security constraints, we require on /logout endpoint an ID token issued by the same authorization server by the same user on the same session
-the URL "http://localhost:4200" needs to be added both in Trusted Origins and also under Applications >> OIDC app >> General >> Logout redirect URIs