auth0

I'm currently using Auth0 (and an Angular 2 GUI), which sends a header of the type "x-xsrf-token" in the request to a Spring Boot API. I get the error: "XMLHttpRequest cannot load http://localhost:3001/ping . Request header field x-xsrf-token is not allowed by Access-Control-Allow-Headers in preflight response." This is fair enough as the list of Access-Control-Response-Headers in Response Headers does not include x-xsrf-token (when debugging the request in the network tab in Chrome). I have tried a number of solutions, the closest I think I have come is to override the configure method in

I've been using Auth0 to build the front-end user authentication part of my site, but am unsure if I should be following the documentation exactly. If I want to build a commercial product, should I be hiding the client ID and domain? Is this something that would lead to a security breach? Currently anyone can view my Angular2 source code and look at the client ID and domain. The client identifier and your domain (which I'm assuming you're referring to the assigned Auth0 domain similar to [account].auth0.com ) are both considered information that does not need to be kept secret . The domain

I'm doing LinkedIn authentication with auth0 in a react app. I have set localhost:3000/upload in callback urls in settings, hopping that after users login at localhost:3000/login , they would be redirect to localhost:3000/upload . However, I always get this error: url localhost:3000/login is not in the list of callback urls. Why would auth0 expect to return to the page where you just logged in at after logging in. isnt it supposed to be some different urls. it just doesnt make sense to me. Edit: export default class AuthService { constructor(clientId, domain) { // Configure Auth0 const options

I'm using Auth0 for my user authentication to only allow logged in users to access a Spring (Boot) RestController . At this point I'm creating a real-time message functionality where users can send messages from the Angular 2 client ( localhost:4200 ) to the Spring server (localhost:8081) using stompjs and sockjs . When trying to create a Stomp-client and starting a connection I receive the following console-error: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:4200'

I am currently trying implement Auth0 in my NodeJS + React App. This tutorial given is really good and helpful, though I have one big problem. Every time I try to login/register via Auth0 I get XMLHttpRequest cannot load https://XYZ.eu.auth0.com/usernamepassword/login . Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ' http://localhost:3000 ' is therefore not allowed access. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on

I read that when using JWT, there is no need to protect against CRSF attacks, for instance: " since you are not relying on cookies, you don't need to protect against cross site requests ". However, something I do not understand: if I store the token in localStorage (as I was advised on a tutorial of the same website ), what prevents an attacker to forge a malicious request by reading my localStorage instead of my cookies ? Since it was generated on the server side, I don't get how I could use a token for a client request without it being stored somewhere on the client. kuporific Strictly