A CORS request to the Introspection endpoint fails and gives a 401 error. The error message states that CORS is not supported for the domain.
This issue occurs when you do not specify the port while configuring the CORS domain.
Workaround: Specify the port along with the scheme and domain.
Perform the following steps to update the port at the global level:
Click Devices > Identity Server > Edit > OAuth & OpenID Connect > Global Settings.
Under CORS Domains, edit the Limit To field. Ensure that the scheme and domain are correct, then add the port.
For example, specify https://abc.example.com:8543.
Perform the following steps to update the port at the client application level:
Click Devices > Identity Server > Edit > OAuth & OpenID Connect > Client Applications.
Select the client application and click Authorized JavaScript origins (CORS).
Under Domains, ensure that the scheme and domain are correct, then add the port.
For example, specify https://abc.example.com:8543.
NOTE:Do not specify the port if you are using port 80 or 443.