Access token endpoint and CORS


#1

Hello,
I’m trying to exchange an auth code for an auth token. It looks like https://api.home.nest.com/oauth2/access_token doesn’t support CORS but I can’t find any documentation around it. Has anyone else run into this, or does anyone have any insight?

Thanks in advance,
Dan


#2

I don’t believe any of the Nest API endpoints support CORS. Why would you need it when requesting an access token?


#3

Thanks for the reply

When I try to request the token I’m getting this message
17 PM which leads me to believe the issue is related to CORS. If I make the request with { mode: ‘no-cors’ }, I have trouble reading the response.

When I make the request from a server, it works fine. I haven’t found any docs on this site that say you have to make that request from a server/non-client environment. Trying to sort out what’s going on…


#4

If the request works from a server, then this is probably due to your setup (using ngrok to tunnel to a localhost?) rather than anything to do with the Nest API endpoint. It may be sending headers that the endpoint is not expecting.

If there’s a way to see what the Body of the 400 response is, that might help too. There are a few different things that could cause it: https://developers.nest.com/documentation/cloud/authorization-reference#access_token_error_responses

Also, this Stack Overflow Q&A on the same error you’re getting might be helpful: https://stackoverflow.com/questions/43871637/no-access-control-allow-origin-header-is-present-on-the-requested-resource-whe