We are building a WebGL application in Unity, and we want to use Forge's Design Automation API in it. As most of the Design Automation API is using a Websocket API, it's pretty straightforward. BUT, Authentication is being done with a HTTP request, which is of course blocked by CORS.. The JS code looks like this:
Authentication: function () {
var postData = {
'client_id': 'the id',
'client_secret': 'the secret',
'grant_type': 'client_credentials',
'scope': 'code:all'
};
$.ajax({
url: 'https://developer.api.autodesk.com/authentication/v1/authenticate',
type: 'POST',
contentType: 'application/x-www-form-urlencoded',
data: postData,
}).done(function (data, textStatus, jqXHR) {
console.log("worked", data, textStatus, jqXHR);
console.log("data", data);
console.log(jqXHR.responseJSON);
}).fail(function (jqXHR, textStatus, errorThrown) {
console.log("failed", jqXHR, textStatus, errorThrown);
console.log(jqXHR.responseJSON);
})
}
The documentation for reference: https://forge.autodesk.com/en/docs/oauth/v1/reference/http/authenticate-POST/
We are not sure how to bypass CORS in this situation and how to get the bearer token from Forge..
I don't think you want to do 2-legged oauth from the browser. This means that you distribute your client id/secret to everyone who uses your website.
You should use 3-legged oauth. See for example, https://github.com/zhuliice/forge-designautomation-websocket-api/tree/main/browser