[英]Cors error when accessing EBAY User Consent API
I am attempting to follow this EBAY User Consent API article https://developer.ebay.com/api-docs/static/oauth-consent-request.html but I am getting a CORS error "blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."我正在尝试遵循此 EBAY 用户同意书 API 文章https://developer.ebay.com/api-docs/static/oauth-consent-request.html但我收到 CORS 错误“被 882848775:59488 飞行前响应策略阻止请求未通过访问控制检查:请求的资源上不存在 'Access-Control-Allow-Origin' header。”
I've read numerous Cors posts here this one being a good one: XMLHttpRequest cannot load XXX No 'Access-Control-Allow-Origin' header but none of these solutions seem to work.我在这里阅读了许多 Cors 的帖子,这是一个很好的帖子: XMLHttpRequest 无法加载 XXX 没有 'Access-Control-Allow-Origin' header但这些解决方案似乎都不起作用。
a pointer in the right direction would be great.指向正确方向的指针会很棒。
$(document).on('click','.ebay_access', async function(event) {
let scopes = encodeURIComponent("https://api.ebay.com/oauth/api_scope https://api.ebay.com/oauth/api_scope/sell.marketing.readonly https://api.ebay.com/oauth/api_scope/sell.marketing https://api.ebay.com/oauth/api_scope/sell.inventory.readonly https://api.ebay.com/oauth/api_scope/sell.inventory https://api.ebay.com/oauth/api_scope/sell.account.readonly https://api.ebay.com/oauth/api_scope/sell.account https://api.ebay.com/oauth/api_scope/sell.fulfillment.readonly https://api.ebay.com/oauth/api_scope/sell.fulfillment https://api.ebay.com/oauth/api_scope/sell.analytics.readonly https://api.ebay.com/oauth/api_scope/sell.finances https://api.ebay.com/oauth/api_scope/sell.payment.dispute https://api.ebay.com/oauth/api_scope/commerce.identity.readonly https://api.ebay.com/oauth/api_scope/commerce.notification.subscription https://api.ebay.com/oauth/api_scope/commerce.notification.subscription.readonly");
let clientId = "{{env('EBAY_APIKEY')}}";
let clientSecret = "{{env('EBAY_API_CERT_NAME')}}";
let oAuthCredentials64 = btoa(clientId + ":" + clientSecret);
let endpoint = 'https://api.ebay.com/identity/v1/oauth2/token';
try{
let response = await fetch(endpoint,
{
method: "POST",
headers:
{
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": `Basic ${oAuthCredentials64}`
},
body:
"grant_type=client_credentials&scope=" + scopes
}
);
let responseJson = await response.json();
console.log("CLIENT ACCESS TOKEN", responseJson);
} catch(err){
console.log("error: ", err);
};
}); //end function
There are multiple issues here.这里有多个问题。
The request you are making seems to be an authentication request , or "consent request", as eBay call it.您提出的请求似乎是一个身份验证请求,或 eBay 所说的“同意请求”。 This must be made to the authorization endpoint (probably https://api.ebay.com/identity/v1/oauth2/authorize ).这必须对授权端点进行(可能是https://api.ebay.com/identity/v1/oauth2/authorize )。 But you make it to the token endpoint ( https://api.ebay.com/identity/v1/oauth2/token ), as if it were a token request .但是您将其发送到令牌端点( https://api.ebay.com/identity/v1/oauth2/token ),就好像它是一个令牌请求一样。 But the token request is only the second step ( "Exchanging the authorization code for a User access token" ).但令牌请求只是第二步( “交换用户访问令牌的授权代码” )。
Moreover, neither the authentication request nor the token request are CORS requests:此外,认证请求和令牌请求都不是 CORS 请求:
In other words: No CORS should be involved at all.换句话说:根本不应该涉及 CORS。 The eBay API article explains this correctly. eBay API 文章对此进行了正确解释。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.