Cannot get the authorization token in Javascript, although the call works in nPostmen

[irka...@gmail.com]

Hello,

I am trying to get authorization token after I get the code from the /authorization call. Getting token works in postmen, but not in Javascript. It returns :

"Access to fetch at 'https://sandbox.orcid.org/oauth/token' from origin 'https://vivli.local' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."

At the same time the POSTMAN call with all the same parameters works and returns the json with authorization call.

Here is my code:

var myHeaders = new Headers();
myHeaders.append("Accept", "application/json");
myHeaders.append("Content-Type", "application/x-www-form-urlencoded");

var urlencoded = new URLSearchParams();
urlencoded.append("client_id", "my id");
urlencoded.append("client_secret", "my secret");
urlencoded.append("grant_type", "authorization_code");
urlencoded.append("code", code);
urlencoded.append("scope", "/activities/update");

var requestOptions = {
method: 'POST',
headers: myHeaders,
body: urlencoded
};

fetch("https://sandbox.orcid.org/oauth/token", requestOptions)
.then(response => response.text())
.then(result => console.log(result))
.catch(error => console.log('error', error));

Please help!

Thank you,

Irene

[Fran Alsina]

Hi Irene,

Thank you for the details.

These calls to our API cannot be made in a web browser, since those contain client-secrets and user information. They must be made by your server or a tool like Postman.

More details can be found here:

https://info.orcid.org/ufaqs/how-does-3-legged-oauth-work/

I hope that this helps.

Thank you and best regards,