I am testing my app locally. It is not published yet. My redirect page is opened and a code= parameter is passed to it. On that page, I’m attempting to get the access token using that code. I am blocked by CORs (403 response to the OPTIONs request). I include the Authorization header as described in your documentation (clientID and client secret, separated by a colon, base64-encoded)… but that header is not in the OPTIONs request that Chrome is sending. Is that what is required? Is there something else going on here? Does my hostname need to be on a whitelist?
OPTIONS https://zoom.us/oauth/token HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36
Accept-Encoding: gzip, deflate, br
Date: Thu, 17 Mar 2022 20:44:16 GMT
Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
Invalid CORS request