I'm new to Salesforce, but before asking I've been through docs and can't find a way around it.
I have a Salesforce Developer Edition where I have a user with API privileges, connected app added and CORS set up, but whenever I try to authenticate user from my app (run locally) I get:
XMLHttpRequest cannot load
https://login.salesforce.com/services/oauth2/token.
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'https://proj.loc:1337' is therefore not allowed access.
The response had HTTP status code 400.
In whitelist I have both https://proj.loc and https://proj.loc:1337
When using curl to get session ID everything works fine, but not from my js app.
What can be the issue here? Is it possible, that the fact I have a self-signed certificate on my localhost is blocking authentication?
Best Answer
It seems you're trying to authenticate using the CORS request which isn't supported - see this comment for more details. You should be able to use it for any other API requests though - that will also validate that you whitelisted the correct URLs.
Quoting the relevant text below