Cross-origin resource sharing


#1

Is it possible to allow Cross-origin resource sharing for certain domains?
The use case could be a customer with an existing UI willing to evaluate some metrics. He would first be redirected to Okta, sign in and be redirected to the UI and then call the C3 env remotely.

I know this is achievable with a proxy, but it is cumbersome in some cases.
If it is not supported right now, could it be in the future? And if not, why?


#2

Need more detail. From your description, it looks like the UI is in some customer domain, not C3. How is Okta involved in this case? How is the user authenticated with C3?


#3

It could be Okta or anything. From my understanding we just need to provide a valid token with each request, whether it is coming from Okta or not.

Yes I am talking about a webapp not hosted on a C3 domain. This webapp could belong to a customer we are working with and who happens to have an Okta setup. So far I failed to redirect from the non C3 hosted webapp to Okta authentication’s page because of cors.

Maybe I am missing something fundamental here, but what I want to do is kinda similar to authenticating with Okta, getting the token and using it for Postman or curl requests. Except I am in a browser and CORS is hitting me.


#4

But how did you get the token in the first place? Who is hitting you with the CORS error (i.e. the domain of the page/request failing)? “So far I failed to redirect from the non C3 hosted webapp to Okta authentication’s page because of cors”: which Okta authentication page? The customer’s own Okta page?


#5

@wdouhard we have a project that is already using CORS (call the c3 domain from another domain page).
I think the trick is to send a request with the Authorization header containing the C3 token (cookie).
Here is an example:

var token = '30335ef456d16c18f95f7ba3bc5ead699846b7ba0f251d13da28a8cb8bd80f1c3b865a2a7a4c98ffa5125a79ba106730b1ae727da33789a424eb2f19b61cc8b41475';

fetch("https://my-tenant.c3iot.com/api/1/tenant-name/tag-name/Tag?action=fetch",
{
    method: 'POST',
    headers: {
      'Accept': 'application/json',
      'Content-Type': 'application/json',
      'Authorization': token
    },
    body: '{}'
})
.then(r => r.text())
.then(e => console.log(e));
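
Added example, not part of the thread and not C3's implementation: because the fetch() above sends `Authorization` and a JSON `Content-Type`, the browser first sends an OPTIONS preflight, and the API has to answer it for the calling origin. This sketch shows a per-origin allowlist decision; the origin value, the `corsDecision` name and the request shape are assumptions for illustration.

```javascript
// Server-side CORS decision for a cross-origin call carrying an Authorization
// header. Origins and names below are constructed placeholders.
const ALLOWED_ORIGINS = new Set(["https://ui.customer.example"]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["accept", "authorization", "content-type"];

// req: { method, headers } with lower-cased header names (assumed shape).
// Returns { status, headers } for the CORS part of the response;
// status null means "continue to normal request handling".
function corsDecision(req) {
  const origin = req.headers["origin"];
  // Vary: Origin keeps caches from serving one origin's answer to another.
  const headers = { "Vary": "Origin" };
  if (!origin) return { status: null, headers };   // not a cross-origin browser request
  const allowed = ALLOWED_ORIGINS.has(origin);      // exact match, no substring or regex
  const isPreflight = req.method === "OPTIONS" &&
    "access-control-request-method" in req.headers;
  if (!allowed) {
    // Without Access-Control-Allow-Origin the browser keeps the response from the page.
    // The token check must still run: CORS is not authentication.
    return { status: isPreflight ? 403 : null, headers };
  }
  headers["Access-Control-Allow-Origin"] = origin;  // echo the vetted origin, never "*"
  if (!isPreflight) return { status: null, headers };

  const method = req.headers["access-control-request-method"];
  const requested = (req.headers["access-control-request-headers"] || "")
    .split(",").map(h => h.trim().toLowerCase()).filter(Boolean);
  if (!ALLOWED_METHODS.includes(method) ||
      !requested.every(h => ALLOWED_HEADERS.includes(h))) {
    return { status: 403, headers: { "Vary": "Origin" } };
  }
  headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  headers["Access-Control-Max-Age"] = "600";       // cache the preflight for 10 minutes
  return { status: 204, headers };
}

// Constructed preflight, as a browser would send it before the fetch() above.
const preflight = { method: "OPTIONS", headers: {
  "origin": "https://ui.customer.example",
  "access-control-request-method": "POST",
  "access-control-request-headers": "authorization,content-type" } };
console.log(corsDecision(preflight));
```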