OAuth - Response for preflight is invalid?

ghesp · July 4, 2016, 4:52pm

I’m currently writing something React & Node, and I can’t for the life of me get the token request to work. I have it working using Sails and Request, but I need to use Axios here. I’ve code the auth_code just find, but when I try and grab the access token, I get the following error:

XMLHttpRequest cannot load https://graph.api.smartthings.com/oauth/token. Response for preflight is invalid (redirect)

I’ve gone over the examples, as well as the node example by @schettj here: https://github.com/schettj/SmartThings/blob/master/stoauth.js

I am using Axios to make the request as per:

  let authData = {
    grant_type: 'authorization_code',
    code: code,
    client_id: this.state.client_id,
    client_secret: this.state.client_secret,
    redirect_uri: this.state.redirect_uri
    }

    axios.post(this.state.token_uri, authData)
    .then(function(response){
        console.log(response);
    })
    .catch(function(error){
      console.log(error);
    })

Code is the code returned and my redirect_uri is the same one I use when I make the initial request for the access code… The token_uri I am using is https://graph.api.smartthings.com/oauth/token
Any ideas?

EDIT: Looks like the content type needed to be passed with it as it’s not sent by default. Now I’m getting

XMLHttpRequest cannot load https://graph.api.smartthings.com/oauth/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.

Know I know there is nothing I can do about this there, so any suggestions?

dariuszsikorski · August 8, 2016, 4:23pm

Add this to your HTTP request headers:

'Access-Control-Allow-Origin': '*'

Doug_Beard · September 9, 2016, 12:16pm

Adding ‘Access-Control-Allow-Origin’: ‘*’ to the request header isn’t working for me. My understanding of CORS that header must be on the resource not the request.

How do we solve this?

ghesp · September 11, 2016, 9:25pm

I was stupidly trying to connect from the browser, not a server.

manikanta_bollapraga · February 6, 2018, 5:57am

So how u solved this problem, i’m also having the same problem…

okolbu · February 11, 2018, 10:03pm

Need to provide more info, output from curl -v with your credentials etc removed would be useful. I had a similar problem with the new API where the web server fails to parse non-trivial Accept:-headers and also utterly fails to understand the CORS preflight concept. Gave up trying to get ST engineers to understand what they were doing wrong, so it’s still broken. Which basically means you have to use Chrome for browser-based access to that API as Firefox will fail when request needs preflight. I would not be surprised to learn that the web server for the old API behaves in much the same way. Postman is a good Chrome addon if you need to look at such traffic.

OK

Topic		Replies	Views
Web Services - Invalid Token Writing SmartApps webservices	5	2207	April 25, 2018
How to use the API with a backend-only service Support	4	176	February 5, 2025
OAuth for SmartThings Developer Programs oauth , developers	8	4367	January 25, 2022
OAuth Issues General Discussion developers	3	1456	May 29, 2016
Cannot get api token: invalid_client SmartApps & Automations	8	4608	October 24, 2015

OAuth - Response for preflight is invalid?

Related topics