Checklist
- I have looked into the Readme and have not found a suitable solution or answer.
- I have searched the issues and have not found a suitable solution or answer.
- I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- I agree to the terms within the Auth0 Code of Conduct.
Description
Hi,
I've encountered a CORS issue when calling the /api/private endpoint in this sample (auth0-golang-api-samples) from the api/external example in auth0-react-samples.
After modifying the frontend in auth0-react-samples to call this API, I received the following logs in the terminal:
2025/04/14 15:58:15 Server listening on http://localhost:3010
2025/04/14 15:58:19 Encountered error while validating JWT: jwt missing
2025/04/14 15:59:35 Encountered error while validating JWT: jwt missing
It seems like the API is attempting to validate a JWT token even during the CORS OPTIONS preflight request. However, since the Authorization header is not sent with preflight requests by browsers, this causes the request to fail.
Here is the error message I saw in the browser console:
I believe the issue lies in how the JWT middleware is configured in 01-Authorization-RS256/middleware/jwt.go.
To resolve this, I propose updating the middleware configuration to include the following:
// 01-Authorization-RS256/middleware/jwt.go
middleware := jwtmiddleware.New(
	jwtValidator.ValidateToken,
	jwtmiddleware.WithErrorHandler(errorHandler),
	jwtmiddleware.WithValidateOnOptions(false), // I added this option
)
This allows the OPTIONS request to pass through without triggering JWT validation, which resolves the CORS issue in my case.
Thank you for maintaining this helpful sample!
Reproduction
🔧 Environment
$ node -v
v22.14.0
$ yarn -v
1.22.22
$ go version
go version go1.23.6 linux/amd64
- In the Auth0 dashboard, create a new Single Page Application under Applications.
- Clone the auth0-samples/auth0-react-samples repository.
- Follow the official guide: React: Call an API
  Add the following files to the Sample-01/src directory:
  - login.js
  - logout.js
  - profile.js
- In the Auth0 dashboard, go to APIs and register a new API.
  - Set the Identifier to: http://localhost:3010
- In the cloned auth0-react-samples repository, create a file at src/auth_config.json:
  {
    "domain": "{MY AUTH0 DOMAIN}",
    "clientId": "{MY AUTH0 CLIENT ID}",
    "audience": "http://localhost:3010"
  }
- Update Sample-01/src/views/ExternalApi.js as follows to make the "Ping API" button send requests to http://localhost:3010/api/private instead of /api/external.
  Note: class attributes in JSX should be changed to className to avoid runtime errors.
- const { apiOrigin = "http://localhost:3001", audience } = getConfig();
+ const { apiOrigin = "http://localhost:3010", audience } = getConfig();
...
- const response = await fetch(`${apiOrigin}/api/external`, {
+ const response = await fetch(`${apiOrigin}/api/private`, {
...
- class="alert-link"
+ className="alert-link"
- Start the React app:
  yarn run dev
  You should see:
  Compiled successfully!
  You can now view auth0-react-sample in the browser.
  Local: http://localhost:3000
  On Your Network: http://10.41.0.212:3000
- Clone the auth0-samples/auth0-golang-api-samples repository.
- In the 01-Authorization-RS256 directory, create a .env file with the following contents:
  AUTH0_DOMAIN={MY AUTH0 DOMAIN}
  AUTH0_AUDIENCE=http://localhost:3010
- Start the Go API:
  cd 01-Authorization-RS256
  go mod vendor
  go run main.go
- Access the React app in your browser and log in.
- Navigate to http://localhost:3000/external-api.
- Click the Ping API button.
❗ Observed Error
After clicking the button, the API call fails and the following error appears:
Additional context
By adding the following change to auth0-golang-api-samples/01-Authorization-RS256/middleware/jwt.go, I was able to successfully send CORS requests from the React UI:
// 01-Authorization-RS256/middleware/jwt.go
middleware := jwtmiddleware.New(
	jwtValidator.ValidateToken,
	jwtmiddleware.WithErrorHandler(errorHandler),
	jwtmiddleware.WithValidateOnOptions(false), // I added this option
)
The message returned by the Go API was successfully displayed on the React screen.
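The behaviour reported above can be reproduced offline with a simplified stand-in for the JWT middleware; this is an added example, not code from the issue or from the sample repository. The names requireBearer, private and status, the CORS header values and the response body are assumptions, and the stand-in only checks that a bearer token is present rather than validating it.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// requireBearer is a hypothetical stand-in for the JWT middleware. It only checks
// that a bearer token is present; real code verifies signature, issuer and audience.
func requireBearer(validateOnOptions bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Browsers do not attach Authorization to a CORS preflight.
		if r.Method == http.MethodOptions && !validateOnOptions {
			next.ServeHTTP(w, r)
			return
		}
		if !strings.HasPrefix(r.Header.Get("Authorization"), "Bearer ") {
			http.Error(w, "jwt missing", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// private answers preflights with CORS headers (assumed values) and serves data otherwise.
func private(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Access-Control-Allow-Origin", "http://localhost:3000")
	w.Header().Set("Access-Control-Allow-Headers", "Authorization")
	if r.Method == http.MethodOptions {
		w.WriteHeader(http.StatusNoContent)
		return
	}
	fmt.Fprint(w, `{"message":"private"}`) // constructed response body
}

// status sends a constructed request to /api/private and returns the HTTP status code.
func status(method, token string, validateOnOptions bool) int {
	req := httptest.NewRequest(method, "/api/private", nil)
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	requireBearer(validateOnOptions, http.HandlerFunc(private)).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(status("OPTIONS", "", true), status("OPTIONS", "", false), status("GET", "", false)) }
```

Skipping validation on OPTIONS only lets the preflight through: a GET without a token is still rejected, so the private endpoint stays protected.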