Front-end CORS issue

I’m trying to integrate the PKCE authentication flow inside a react app right now and getting a CORS error when hitting the /token endpoint: PreflightMissingAllowOriginHeader. The CORS preflight does returns a 200 status code.

From what I understood from the docs is that I shouldn’t need a proxy to use the API while using PKCE.

This is unfortunately a known issue and something I have been trying to fix on and off for a couple of months now. I will do my best to raise the priority but at this time it relies both on a feature we haven’t implemented for our OAuth2 service and some other upstream configuration issues.

Thanks for the update!

I’ll proxy the request through our server for now.

That’s what I would recommend for now!

Here’s an example app that does it, although I never did get token refresh working.

If you happen to be using the same auth.js package and figure it out and want to contribute back, that’d be amazing!