I’m trying to integrate the PKCE authentication flow inside a react app right now and getting a CORS error when hitting the /token endpoint: PreflightMissingAllowOriginHeader. The CORS preflight does returns a 200 status code.
From what I understood from the docs is that I shouldn’t need a proxy to use the API while using PKCE.
This is unfortunately a known issue and something I have been trying to fix on and off for a couple of months now. I will do my best to raise the priority but at this time it relies both on a feature we haven’t implemented for our OAuth2 service and some other upstream configuration issues.
Thanks for the update!
I’ll proxy the request through our server for now.
That’s what I would recommend for now!
Here’s an example app that does it, although I never did get token refresh working.
If you happen to be using the same auth.js package and figure it out and want to contribute back, that’d be amazing!