Reputation: 11
I was able to get the sessionToken using a username and password. But after that I want to create the session using a POST call as follows in AngularJS. The Angular app (the entire web app) is hosted on AWS S3.
// Exchange the one-time sessionToken for a session (this is the call that fails)
var session_data = { 'sessionToken': My_session_Token };
$http({
  method: 'POST',
  url: 'https://myorg.okta.com/api/v1/sessions',
  data: session_data,
  headers: {
    'Accept': 'application/json',
    'Content-Type': 'application/json'
  }
}).then(function(response) {
  console.log(response);
});
The error I am getting is:
XMLHttpRequest cannot load https://myorg.okta.com/api/v1/sessions. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://s3.amazonaws.com' is therefore not allowed access.
I have already added the CORS Allow origin header in Okta as well as S3 bucket.
When I try doing the following through the terminal:
curl -v -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
        "sessionToken": "my_session_Token"
      }' "https://myorg.okta.com/api/v1/sessions"
The first time I get:
{"errorCode":"E0000005","errorSummary":"Invalid session","errorLink":"E0000005","errorId":"oaefADOnPONTDidUZYyrVc5rQ","errorCauses":[]}
The second time, because the sessionToken is one-time use only, I get the following error:
{"errorCode":"E0000004","errorSummary":"Authentication failed","errorLink":"E0000004","errorId":"oaeI-KKSO-iRGSR1gmyUjBS8g","errorCauses":[]}
I don't think the problem is because of the CORS header (Allow-Origin), as I have already added the origin. Also, I cannot use SSWS {api_TOKEN} as my application is in Angular and it's risky to expose the API token. Any help will be highly appreciated.
Upvotes: 1
Views: 1727
Reputation: 11226
Okta doesn't support POSTing to /api/v1/sessions to set a cookie in the browser. For a simple use case, you can use the redirect flow:
window.location = 'https://myorg.okta.com/login/sessionCookieRedirect?token={sessionToken}&redirectUrl={redirectUrl}';
All the allowed methods of setting a cookie using a sessionToken are listed here: http://developer.okta.com/use_cases/authentication/session_cookie
Upvotes: 2
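The redirect flow from the answer, written out as an added browser-side example (not code from the question, the answer, or Okta's own SDK): it builds the sessionCookieRedirect URL from the one-time sessionToken returned by the username/password step, and refuses redirectUrl values outside an allow-list so a bad request does not burn the token. ORG_URL reuses the org from the question; ALLOWED_REDIRECT_ORIGINS is a constructed list you would maintain yourself.

```javascript
// Added example: turn a one-time Okta sessionToken into a browser session via
// the /login/sessionCookieRedirect endpoint named in the answer above.
// Assumptions: ORG_URL is the org from the question; ALLOWED_REDIRECT_ORIGINS
// is a constructed allow-list of origins the app is willing to land on.
const ORG_URL = 'https://myorg.okta.com';
const ALLOWED_REDIRECT_ORIGINS = ['https://app.example.com']; // constructed

function buildSessionCookieRedirect(sessionToken, redirectUrl) {
  if (typeof sessionToken !== 'string' || sessionToken.length === 0) {
    throw new Error('sessionToken is required');
  }
  // Only send the browser back to an origin we control. Okta also checks
  // redirectUrl on its side, but rejecting early here avoids spending the
  // one-time sessionToken on a request that will fail anyway.
  let target;
  try {
    target = new URL(redirectUrl);
  } catch (e) {
    throw new Error('redirectUrl must be an absolute URL');
  }
  if (!ALLOWED_REDIRECT_ORIGINS.includes(target.origin)) {
    throw new Error('redirectUrl origin is not allowed: ' + target.origin);
  }
  // URLSearchParams percent-encodes the token and the nested URL for us.
  const params = new URLSearchParams({ token: sessionToken, redirectUrl: target.href });
  return ORG_URL + '/login/sessionCookieRedirect?' + params.toString();
}

// Browser usage once the authentication call has returned a sessionToken:
//   window.location.assign(
//     buildSessionCookieRedirect(authnResponse.sessionToken,
//                                'https://app.example.com/home'));
```

Because the token is single-use, build the URL once and navigate immediately rather than storing the token or logging it.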