Reactjs – Cors issue with react, express, and discord Oauth2

Ok since there’s no code posted in your question I can only assume you are trying to authorize something for your app via Discords oauth. Probably something like login or for you to access some users data. First you need to understand the oauth2 flow. You have probably seen this a lot when using the internet and logging in via google or discord for example. Lets walk through a simple step by step. Since I don’t have any of your code I will just kind of post some pseudo code for examples.

1. The authorization screen.

This is where the user can authorize an application to use their data. This needs to be visible to the user so you cannot call this via a javascript request you need to direct the user to this screen via a link or a redirect. I usually like to do it via redirect from express as it can keep your credentials much safer. So first let setup an endpoint for you to hit. For this example I am going to use localhost as your uri but in production you will need to swap this with your website domain.

app.get('/discord/oauth', async (req, res) => {
  try {
    const params = {
      response_type: 'code',
      redirect_uri: 'http://localhost:5000/discord/callback',
      scope: 'identify email guilds.members.read guilds.join guilds',
      client_id: 'YOUR_CLIENT_ID'
    }

    res.redirect(`https://discord.com/oauth2/authorize?${new URLSearchParams(params)}`)
  } catch (error) {
    console.log(error)
  }
});

Then in your client side just open this endpoint either with a link or with window.open so either <a href="http://localhost:5000/discord/oauth">Authorize App</a> or window.open("http://localhost:5000/discord/oauth"). This will direct a user to the authorization screen.

It’s worth noting that usually there is a state parameter passed to the authorization uri as well and then saved to your server session. Then you can check that state when the callback is hit just to assure that it is actually the user hitting that callback url.

2. The callback to your app

Once the user authorizes you to use their information discord will redirect back to your site to the redirect uri you provided. So we will set up an endpoint to deal with that. I am just going to show you in express here. You can redirect back to your client after you get the info you want on the server side or you can just have discord redirect to your client and you can call an api endpoint with the code they send you.

They will send you an authorization code to your callback. From there you can get access tokens to fetch whatever information you want.

app.get('/discord/callback', async (req, res) => {
  try {
    const { code } = req.query

    const params = {
    'grant_type': 'authorization_code',
    'code': code,
    'redirect_uri': 'Same redirect uri that you used in your authorization call'
    }

    const tokenRequest = await fetch(`https://discord.com/api/oauth2/token?${new URLSearchParams(params)}`, {
      method: 'POST',
      headers = {
        'Content-Type': 'application/x-www-form-urlencoded'
      }
    })

    const { access_token, refresh_token, token_type, expires_in, identity} = await tokenRequest.json();

    // Now you can get your data with the access_token
    const dataRequest = await fetch('whatever discord endpoint you want')
    const data = await dataRequest.json()

    // redirect back to your client after you get your data
    res.redirect("http://localhost:3000/gotData")
  } catch (error) {
    console.log(error)
  }
});

Anyway that may have been a log winded explanation of oauth2.0. But it should give you a better idea of how this is actually implemented. This is not tested code it is just off the cuff but it should be fairly accurate. You can read the documentation here to get all of the details on how to use their oauth https://discord.com/developers/docs/topics/oauth2. If you have any question which I’m sure you might hit me up in the comments below.