Hello @mhaseeb.tariq, you can try creating a wrapper API for generating the access token (inside the wrapper API's routing policy, use https://xyz.com/invoke/pub.apigateway.oauth2/getAccessToken as the native endpoint) and then configure CORS in the response processing policy of the wrapper API.
Note: The wrapper API will be a pass-through API only, where it simply takes the JSON request payload, passes it on to the native endpoint, and returns the native endpoint's response back to the consumer.
Ask API consumers to invoke the wrapper API instead of the built-in getAccessToken endpoint. Hopefully this will solve the CORS error you are currently seeing with the built-in getAccessToken endpoint.
Thanks
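
An added example, not part of the reply above and not webMethods code: a small check of the headers a wrapper API's preflight response must carry before a browser will send the JSON token request. The origin `https://app.example`, the function names and the sample headers are constructed assumptions, and only the header rules are checked, not the response status.

```javascript
// Added example: constructed names and values, not webMethods code.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

// Split a comma-separated header value into trimmed tokens.
function tokens(value) {
  return (value || "").split(",").map((t) => t.trim()).filter(Boolean);
}

// req: { origin, method, headers: [names needing preflight approval], credentials }
// res: preflight response headers, keys lowercase.
// Returns the reasons a browser would block the call (empty array = allowed).
function checkPreflight(req, res) {
  const problems = [];
  const allowOrigin = res["access-control-allow-origin"];
  const wildcardOk = !req.credentials; // "*" is only honoured without credentials

  if (!(allowOrigin === req.origin || (allowOrigin === "*" && wildcardOk))) {
    problems.push("origin not allowed");
  }
  if (req.credentials && res["access-control-allow-credentials"] !== "true") {
    problems.push("credentials not allowed");
  }

  // Safelisted methods (POST included) pass even when not listed explicitly.
  const methods = tokens(res["access-control-allow-methods"]);
  const method = req.method.toUpperCase();
  if (!SAFELISTED_METHODS.has(method) && !methods.includes(method) &&
      !(methods.includes("*") && wildcardOk)) {
    problems.push(`method ${method} not allowed`);
  }

  // Header names are compared case-insensitively.
  const allowed = tokens(res["access-control-allow-headers"]).map((h) => h.toLowerCase());
  for (const name of req.headers.map((h) => h.toLowerCase())) {
    if (!allowed.includes(name) && !(allowed.includes("*") && wildcardOk)) {
      problems.push(`header ${name} not allowed`);
    }
  }
  return problems;
}

// Constructed sample: Content-Type: application/json is what forces the preflight.
const tokenRequest = { origin: "https://app.example", method: "POST",
                       headers: ["Content-Type"], credentials: false };
const wrapperResponse = { "access-control-allow-origin": "https://app.example",
                          "access-control-allow-headers": "content-type" };
console.log(checkPreflight(tokenRequest, wrapperResponse)); // []
console.log(checkPreflight(tokenRequest, {})); // blocked: no CORS headers returned
```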