带有 Auth0 的本地主机和 CORS 不允许我登录 [英] Localhost and CORS with Auth0 not allowing me to login

问题描述

我正在制作一个 React 应用程序并尝试使用 Auth0 进行身份验证.尝试登录后，它返回:

I'm making a React app and trying to use Auth0 to authenticate. After trying to log in, it returns this:

XMLHttpRequest 无法加载 https://my-domain.auth0.com/usernamepassword/login.对预检请求的响应未通过访问控制检查:响应中Access-Control-Allow-Credentials"标头的值为"，当请求的凭据模式为包含"时，该值必须为真".Origin 'http://localhost:3000' 因此不允许访问.XMLHttpRequest 发起的请求的凭证模式由 withCredentials 属性控制.

XMLHttpRequest cannot load https://my-domain.auth0.com/usernamepassword/login. Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. Origin 'http://localhost:3000' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

我认为这与此有关:Auth0 和 React 的 CORS 问题 但我在 Auth0 的设置中的允许的来源 (CORS)"位置同时具有 http://localhost:3000, http://localhost:3000/login(是的，我正在使用正确的客户端 ID).

I thought it would be related to this: CORS problems with Auth0 and React but I have both http://localhost:3000, http://localhost:3000/login in the 'Allowed Origins (CORS)' spot in Auth0's settings (and yes I'm using the correct client ID as well).

我尝试将 http://localhost:3000/, http://localhost:3000/login 放在允许的回调 URL"(不知道具体是做什么的)中，但是没有也不行.

I tried putting http://localhost:3000/, http://localhost:3000/login in the 'Allowed Callback URL's (don't know exactly what that does) but that didn't work either.

当我使用社交连接 (Google) 时，它允许我在允许的回调 URL 中输入 http://localhost:3000/login 后登录.

When I use the social connection (Google) it allowed me to login after putting http://localhost:3000/login in the Allowed Callback URL's.

但它仍然不适用于新用户登录.

But it still won't work for just a new user logging in.

有什么帮助吗?

如果它有所作为:

• Auth0 日志显示为社交登录，但当我以其他方式连接时根本没有日志

• Auth0 Logs show for the social login but there are no logs at all for when I connect otherwise

我认为与此相关的是我每次加载页面时都会得到这个:

I think related to this is that I also get this every time I load the page:

获取 SSO 数据时出错.这可能只是意味着网络存在问题.但是，如果在此警告之前记录了Origin"错误，请添加http://localhost:3000"到 Auth0 仪表板中的Allowed Origins (CORS)"列表:...(链接到我的破折号)

There was an error fetching the SSO data. This could simply mean that there was a problem with the network. But, if a "Origin" error has been logged before this warning, please add "http://localhost:3000" to the "Allowed Origins (CORS)" list in the Auth0 dashboard: ...(link to my dash)

我从 Gravatar 网站收到了 404

I get a 404 from the gravatar website

我也收到了这些错误(可能不相关):

Also I get these errors (may not be related):

拒绝设置不安全的头部accept-encoding"

拒绝设置不安全的头部user-agent"

推荐答案

Auth0 中的客户端出了点问题.我不知道它是什么，但我构建了一个 Angular4 应用程序并连接到 Auth0 中的同一个客户端，并得到了相同的错误.然后我尝试删除 Auth0 中的客户端并创建一个新客户端，现在它可以工作了.我不知道是什么导致了错误，但创建一个新客户端并连接到该客户端解决了该问题.

Something was wrong with the client in Auth0. I don't know what it was but I built an Angular4 app and connected to the same client in Auth0 and got the same errors. I then tried deleting the client in Auth0 and making a new one and now it works. I have no idea what was causing the error, but creating a new client and connecting to that one fixed the issue.

这篇关于带有 Auth0 的本地主机和 CORS 不允许我登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！