Client credentials grant flow API, CORS issue

I believe this issue has been discussed several times, but I cannot find the solution to my problem. I am using vue js and trying to get access token using the following post request:

let params ={
          client_id : this.twitchClientId,
          client_secret : this.twitchClientSecret,
          grant_type : "client_credentials"
        };'', params, {
         headers: {
           Accept: 'application/vnd.twitchtv.v5+json'
      }).then(async res =>{
      console.log("Token generated => " +;
      this.twitchAccessToken =;

        }).catch(err => {
        console.log("Twitch token err =>");

This is the error I get:

Access to XMLHttpRequest at '' from origin 'http://localhost:8080' has been blocked by CORS policy: Request header field client-id is not allowed by Access-Control-Allow-Headers in preflight response.

How can I tackle this issue? Thanks in advance.

Are you trying to do this all client-side? because you should not be using the Client Credentials flow client-side (eg, within a web page).

Yes. all from client side. Are you suggesting that I should get the token from the serve instead?

Client Credentials (ie, App tokens) should only ever be used server-side or otherwise you’re exposing the client secret in the page.

If you want to get a token client-side you should use the Implicit flow

The only problem with that is that I do not want the users to do anything. I just need the token to call the helix API:

Please let me know if there is another way to do that without using the Implicit flow.

The only other way would be to make the requests on your server rather than client-side.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.