Guest
home
beatmaps
rankings
community
store
help
forum
  1. Forums
  2. osu!
  3. Development

API v2 access-control-allow-origin missing

posted
Total Posts
7
Mugino
80 posts
Joined December 2012
Topic Starter
Mugino
Hello, new web developer here!
I'm trying to utilize the osu! API v2 to request some data.
I followed the documentation for Client Credentials Grant.

I copy pasted the javascript code and replaced client_id and client_secret with the oauth application I created in my user settings.

Running the code in my browser - The DevTool puts out the error that the access-control-allow-origin is missing.

Does it have to do with the fact, that I didn't include a Traceback URL? Or how can I fix this?

Lovely Greetings
Maiev
346 posts
Joined May 2017
Maiev
I have the same question and I don't know the answer but there are some troubles with CORS which can't resolve.

I tried adding no-cors but it didn't work for me. Also I tried using proxy server ( https://cors-anywhere.herokuapp.com ), creating a server-side script using PHP with XAMPP and still.. couldn't get the data
Last edited by Maiev , edited 1 time in total.
Mugino
80 posts
Joined December 2012
Topic Starter
Mugino

Maiev wrote:

I have the same question and I don't know the answer but there are some troubles with CORS which can't resolve.

I tried adding no-cors but it didn't work for me. Also I tried using proxy server ( https://cors-anywhere.herokuapp.com ), creating a server-side script using PHP with XAMPP and still.. couldn't get the data
I managed to retrieve some user data with the API v1 but failed regarding user profile image - same issue here, access-control-allow-origin missing
abraker
Global Moderator
8,312 posts
Joined July 2014
abraker
This works for me in python. You guys should post your code if you want help

import requests
import json
import time


session = requests.session()


def get_auth():
    url = 'https://osu.ppy.sh/oauth/token'
    data = {
        'client_id'     : client_id,
        'client_secret' : client_secret,
        'grant_type'    : 'client_credentials',
        'scope'         : 'public'
    }

    response = session.post(url, data=data, timeout=5)
    if response.status_code != 200:
        print(f'url: {url}  | {response.status_code}')
        return
    
    data = json.loads(response.text)

    if data['token_type'] != 'Bearer':
        print(f'Expected token type to be "Bearer", token_type = {data["token_type"]}')
        return

    auth_expire = time.time() + data['expires_in']
    print(f'Got new auth. Expires in {data["expires_in"]} seconds')

    return data['access_token']
Last edited by abraker , edited 10 times in total.
Mugino
80 posts
Joined December 2012
Topic Starter
Mugino

abraker wrote:

This works for me in python. You guys should post your code if you want help
Copying the JS-Code from the documentation and replacing the client_id and client_secret with the ones in my osu!settings I have the following code:

$(document).ready(function() {
    get_auth();
});

function get_auth() {
    const url = new URL (
        "https://osu.ppy.sh/oauth/token"
    );

    const headers = {
        "Accept": "applicaiton/json",
        "Content-Type": "application/x-www-form-urlencoded",
    };

    let body = "client_id=?????&client_secrect=?????????????????&grant_type=client_credentials&scope=public";
    
    fetch(url, {
        method: "POST",
        headers,
        body: body,
    })
    .then(response => response.json())
    .then(data => {
        console.log(data);
    })
    .catch(error => console.error(error));
};

As a result I recieve these errors

abraker
Global Moderator
8,312 posts
Joined July 2014
abraker
"Accept": applicaiton/json is misspelled

applicaiton -> application


I am not familiar with js, but I don't think the url params belong in body. They should be appended to url. You would typically put stuff in body as data to send when using PUT. The url should be:

https://osu.ppy.sh/oauth/token?client_id=?????&client_secrect=?????????????????&grant_type=client_credentials&scope=public
Last edited by abraker , edited 5 times in total.
clayton
1,893 posts
Joined November 2013
clayton
also this type of grant shouldn't be used in client-side js at all, you'd be sharing the API client's secret that way.
Please sign in to reply.

New reply

0
1 / 7