CORS error in oauth

hi everyone,

have anyone of you got this CORS error

Access to fetch at ‘https://apia.coolkit.cn/v2/user/oauth/code’ from origin ‘https://c2ccdn.coolkit.cc’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I’m redirecting users to oauth interface ( eWeLink Web ) with all query parameters set. i’m supposed to get the authorisation code.

Could anyone help ?

How did you trigger this error? Please provide detailed steps and specific information, such as what is the authorization page URL? Normal login will not trigger this issue.

Thank you for your response,

This error comes when my client tries to login to his account to grant me permission to manipulate his devices.

From my serverside i generate a URL :
https://c2ccdn.coolkit.cc/oauth/index.html?clientId=gDl4P89G6bgb48cViBnKlpeEEYuKCDba&seq=1720259308523&authorization=XXX&redirectUrl=http%3A%2F%2Flocalhost%3A3000&grantType=authorization_code&state=YYY&nonce=de087df74c6f8237

Then i render this URl to my client, after a successful login i’m supposed to be redirected to the redirectUrl provided in query paramas with a code that will allow me to get a auth token.

But the problem is that oauth and login not working due to cors error, i’ve tried even with wrong credentials and the problem persist.

Access to fetch at ‘https://apia.coolkit.cn/v2/user/oauth/code’ from origin ‘https://c2ccdn.coolkit.cc’ has been blocked by CORS policy

Hi, I recently finished my API class, so you can directly see the mothods and parameters I have used for authentification.

But there is for sure not a problem with CORS its 100% issue either with your redirect_url or parameters sent to https://c2ccdn.coolkit.cc’ I had in the beggining also some issues because when I sent seq parameter as an int when string is expected :slight_smile:

const clientId = process.env.CLIENT_ID;
const clientSecret = process.env.CLIENT_SECRET;
const redirectUrl = process.env.REDIRECT_URL;
const seq = Date.now().toString(); // Timestamp in milliseconds
const nonce = crypto.randomBytes(8).toString(‘hex’); // 8-digit alphanumeric random string
const authBaseUrl = process.env.AUTH_BASE_URL;

module.exports = {
getAuthLink: (req, res) => {
const state = req.query.email; // User email

    // Generate HMAC SHA256 signature
    const buffer = Buffer.from(`${clientId}_${seq}`, 'utf-8');
    const sign = crypto.createHmac('sha256', clientSecret).update(buffer).digest('base64');
    // Create authorization URL
    const params = {
        clientId,
        seq,
        authorization: sign,
        redirectUrl,
        grantType: 'authorization_code',
        state,
        nonce,
    };

    const authUrl = authBaseUrl + `?${querystring.stringify(params)}`;
    res.json({ authUrl: authUrl });
    },

}

here’s my code, all query params are set as string

Looks ok. Just an simple idea - use http apart from https during connection to API. Or other way around use https in your redirect url.

I’ve tried with https but still having the same problem, i’m wondering if it could be a region problem ?

I tried to call the interface with your APPID and the message “redirectUrl” did not pass validation, I thought:

  1. Your redirectUrl is incorrect
  2. The nonce is a random string of length 8
  3. Check the authorization parameter again