Hey all, posted this to Discord in coding last week and didn't get a response so though I'd try here.

I'm getting the following error from my settings:

Failed to load https://api.fitbit.com/oauth2/token: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://app-settings.fitbitdevelopercontent.com' is therefore not allowed access. The response had HTTP status code 400. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

This code used to work. My implementation is essentially the same as the example on https://dev.fitbit.com/build/reference/settings-api/#oauth-button but I'll post it just to rule stuff out

<Oauth
 title="Fitbit"
 label="Fitbit"
 status={connectionStatusSelector(this.state)}
 authorizeUrl="https://www.fitbit.com/oauth2/authorize"
 requestTokenUrl="https://api.fitbit.com/oauth2/token"
 clientId={WEB_APP.CLIENT_ID}
 clientSecret={WEB_APP.CLIENT_SECRET}
 scope={WEB_APP.SCOPE}
 onAccessToken={this.onAccessToken}
/>

I don't see any option to modify the headers.  One thing to note, I've noticed this on device settings only, the simulator settings makes the Oauth request just fine. This failure is on my Nokia 6 running Android 8.1, connected to the bridge to a physical Ionic.