bjerkio/oidc-react

Client authentication failed on token endpoint: CORS policy issue

MTL2000 opened this issue · 3 comments

I am implementing the authorization code grant type. I got the CORS policy error when calling the token endpoint. There is no issue on the authorize endpoint, though I provided both token and authorize endpoints.

Access to XMLHttpRequest at 'https:///token' from origin 'https://my.local.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

My config setting is listed below:

    const setting = {
      authority: 'https://',
      client_id: '548741544-2113-4195-81ba-649a288db7ad',
      client_secret: 'r/2225ffsvgb/sfw3442sfefd/KlCdiI0Y=',
      response_type: 'code',
      redirect_uri: 'https://my.local.com',
      metadataUrl: 'https:///.well-known/openid-configuration',
      metadata: {
        issuer: 'https://',
        authorization_endpoint: '/authorize',
        token_endpoint: 'https:///token',
        userinfo_endpoint: 'https:///userinfo',
      },
      scope: 'openid profile email api offline_access',
    };

    const oidcConfig = {
      onSignIn: async (user: any) => {
        console.log(user);
        window.location.hash = '';
      },
      userManager: new UserManager(setting),
    };

Hello 👋

Thank you for filing this issue. This issue is most likely caused by the OIDC endpoints not having CORS enabled/configured/features.

It is probably not caused by oidc-react. I'm closing this; if you need more assistance, please feel free to reply or open a new issue for any other issues :)
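
The provider-side fix described in the comment above, as an added example that is not part of the original thread and is not code from oidc-react or any particular provider: a Node-style token endpoint handler that answers the preflight and the actual request with an origin allowlist. The allowlist contents, the function names and the `issueToken` callback are assumptions made for illustration.

```javascript
// Added example: names and allowlist below are assumptions, not provider code.
const ALLOWED_ORIGINS = new Set(['https://my.local.com']); // SPA origin from the error above
const ALLOWED_HEADERS = ['content-type', 'authorization'];

// CORS headers for an actual token request, or null if the origin is not
// allowlisted (the browser then blocks the response, as in the reported error).
function tokenCorsHeaders(origin, allowed = ALLOWED_ORIGINS) {
  if (typeof origin !== 'string' || !allowed.has(origin)) return null;
  // Echo the exact origin instead of '*', and tell caches the response varies.
  return { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
}

// Headers for the OPTIONS preflight, or null if method/headers are not permitted.
function preflightHeaders(origin, reqMethod, reqHeaders, allowed = ALLOWED_ORIGINS) {
  const base = tokenCorsHeaders(origin, allowed);
  if (!base || reqMethod !== 'POST') return null;
  const wanted = String(reqHeaders || '').split(',')
    .map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!wanted.every((h) => ALLOWED_HEADERS.includes(h))) return null;
  return {
    ...base,
    'Access-Control-Allow-Methods': 'POST',
    'Access-Control-Allow-Headers': ALLOWED_HEADERS.join(', '),
    'Access-Control-Max-Age': '600',
  };
}

// Node http-style handler. issueToken is a hypothetical callback that performs
// the grant and returns a JSON-serialisable body.
function handleToken(req, res, issueToken) {
  const origin = req.headers.origin;
  if (req.method === 'OPTIONS') {
    const h = preflightHeaders(origin,
      req.headers['access-control-request-method'],
      req.headers['access-control-request-headers']);
    res.writeHead(h ? 204 : 403, h || {});
    return res.end();
  }
  // Requests without an Origin header (server-to-server) need no CORS headers.
  const cors = origin === undefined ? {} : tokenCorsHeaders(origin);
  if (cors === null) { res.writeHead(403, {}); return res.end(); }
  res.writeHead(200, { ...cors, 'Content-Type': 'application/json', 'Cache-Control': 'no-store' });
  return res.end(JSON.stringify(issueToken(req)));
}
```

`handleToken` can be passed to `http.createServer` behind the provider's `/token` route; origins outside the allowlist receive a 403 with no CORS headers.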

I ran into this issue for Slack if anyone has the same. Slack's CORS settings aren't open. The main package allows you to set those variables manually.

https://github.com/IdentityModel/oidc-client-js/wiki#provider-settings-if-cors-not-supported-on-oidcoauth2-provider-metadata-endpoint

I don't think that metadata is being passed to oidc-client-js when adding it to the settings.

Edit: Opened a feature/pull request #714