I'm trying to use the fetch API from a companion app to authenticate to a third-party web service. The service is designed for browser-based auth: on success, it returns a 302 redirect response with a Set-Cookie header. I can't figure out how to make this work in the Fitbit interface (mainly testing in the simulator, in case it makes a difference).

If I specify `redirect: "manual"` in the request, I get a response with type `opaqueredirect` and I can't see the Set-Cookie header. I understand why this is needed in a browser context, and in a browser I'd just use `redirect: "follow"`, let the browser process the Set-Cookie header, and then (subject to origin checks) I can read (or just use) the cookie from the browser's cookie store. But it doesn't look like the fitbit companion's implementation of fetch() supports this - if I let it follow the redirect, it looks like the Set-Cookie is simply ignored (it's possible I'm missing something here; it's hard to observe this directly).

Is there any workaround for this? I'd be happy with either a way to observe the headers of a redirect request, or a way for the system to process the Set-Cookie and let me make requests with that Cookie header later. Or as a last resort I could set up a proxy server somewhere and convert redirects into other kinds of responses, but I'd prefer not to do that.