No 'Access-Control-Allow-Origin' header is present on the requested resource

DavidWells · November 15, 2017, 12:00am

Fixed it!

serverless/examples/blob/master/aws-node-auth0-custom-authorizers-api/handler.js#L43


const tokenValue = tokenParts[1]


if (!(tokenParts[0].toLowerCase() === 'bearer' && tokenValue)) {
  // no auth token!
  return callback('Unauthorized')
}
const options = {
  audience: AUTH0_CLIENT_ID,
}
// decode base64 secret. ref: http://bit.ly/2hA6CrO
const secret = new Buffer.from(AUTH0_CLIENT_SECRET, 'base64')
try {
  jwt.verify(tokenValue, secret, options, (verifyError, decoded) => {
    if (verifyError) {
      console.log('verifyError', verifyError)
      // 401 Unauthorized
      console.log(`Token invalid. ${verifyError}`)
      return callback('Unauthorized')
    }
    // is custom authorizer function
    console.log('valid from customAuthorizer', decoded)

JWT secret needed to be base 64 decoded to validate the jwt.

Demo is working again http://auth0-serverless-protected-routes-demo.surge.sh/

Topic		Replies	Views
How to enable CORS for custom authorizers ? (AWS API Gateways) Serverless Framework aws	7	15627	April 2, 2024
Cors problem when using custom authorizer Serverless Framework lambda , api-gateway	1	3038	April 26, 2020
Has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource Serverless Framework	8	7678	December 3, 2019
CORS with included credentials Serverless Framework aws , lambda	5	4188	June 1, 2020
Api gateway cors - Headers not set Serverless Framework	0	548	October 5, 2020

No 'Access-Control-Allow-Origin' header is present on the requested resource

Related Topics