andshrew / PlayStation-Trophies

Sony has an API for retrieving details of the trophies an account has earned, but there is no public documentation for using it. This is an attempt at documenting the API by capturing the requests made by the https://my.playstation.com web site.
MIT License

Differences between Invoke-RestMethod and browser fetch api #4

Closed ghost closed 3 years ago

ghost commented 3 years ago

First, congratulations on this project. Very impressive indeed. I was wondering what's the difference between Invoke-RestMethod and the fetch API running in the browser. I'm trying to use fetch to get a valid token, without success. Do you have any idea about this?

andshrew commented 3 years ago

I can't help with the fetch API as it isn't something I've used, but I can give you a high-level overview of what my Get-AuthenticationToken function is doing to request a token, which may make it easier for you to translate to what you want.

  1. Make a GET request to:

     https://ca.account.sony.com/api/authz/v3/oauth/authorize?access_type=offline&client_id=ac8d161a-d966-4728-b0ea-ffec22f69edc&redirect_uri=com.playstation.PlayStationApp%3A%2F%2Fredirect&response_type=code&scope=psn%3Amobile.v1%20psn%3Aclientapp

     You include your npsso code in the cookie header of the request.

  2. You should get a 302 Moved Temporarily response. If successful, within the headers of this response is a location item which will include code=v3....

  3. Make an application/x-www-form-urlencoded POST request to:

     https://ca.account.sony.com/api/authz/v3/oauth/token

     In the body you include as form data:

    code="v3..." (taken from step 2)
    redirect_uri="com.playstation.PlayStationApp://redirect"
    grant_type="authorization_code"
    token_format="jwt"

    You must also include authorization in the header "Basic YWM4ZDE2MWEtZDk2Ni00NzI4LWIwZWEtZmZlYzIyZjY5ZWRjOkRFaXhFcVhYQ2RYZHdqMHY="

  4. The content of the response you get will include the access token.
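
The four steps above, written for Node.js 18+ as an added example (not part of the original comment or the project's own code); it targets a server-side runtime because a browser's fetch cannot set the Cookie header. The `npsso=<value>` cookie format, the `access_token` response field and the sample Location value are assumptions.

```javascript
// Added example. URLs, client id and Basic value are copied from the comment above.
const AUTHORIZE_URL = "https://ca.account.sony.com/api/authz/v3/oauth/authorize" +
  "?access_type=offline&client_id=ac8d161a-d966-4728-b0ea-ffec22f69edc" +
  "&redirect_uri=com.playstation.PlayStationApp%3A%2F%2Fredirect" +
  "&response_type=code&scope=psn%3Amobile.v1%20psn%3Aclientapp";
const TOKEN_URL = "https://ca.account.sony.com/api/authz/v3/oauth/token";
const BASIC_AUTH = "Basic YWM4ZDE2MWEtZDk2Ni00NzI4LWIwZWEtZmZlYzIyZjY5ZWRjOkRFaXhFcVhYQ2RYZHdqMHY=";
const SAMPLE_LOCATION = "com.playstation.PlayStationApp://redirect/?code=v3.CONSTRUCTED"; // constructed

// Step 2: pull the authorization code out of the 302 Location header.
function extractCode(location) {
  if (!location || !location.includes("?")) return null;
  const query = location.slice(location.indexOf("?") + 1).split("#")[0];
  const code = new URLSearchParams(query).get("code");
  // Anything without a code=v3... parameter is treated as a failed step 1.
  return code && code.startsWith("v3") ? code : null;
}

// Step 3: form-encoded body and headers for the token request.
function buildTokenRequest(code) {
  const body = new URLSearchParams({
    code,
    redirect_uri: "com.playstation.PlayStationApp://redirect",
    grant_type: "authorization_code",
    token_format: "jwt",
  });
  return {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded", Authorization: BASIC_AUTH },
    body: body.toString(),
  };
}

// Steps 1-4 end to end. Assumptions: the cookie is sent as "npsso=<value>" and
// the JSON response carries the token in "access_token".
async function getAccessToken(npsso) {
  const authz = await fetch(AUTHORIZE_URL, {
    headers: { Cookie: `npsso=${npsso}` },
    redirect: "manual", // keep the 302 so its Location header can be read
  });
  const code = extractCode(authz.headers.get("location"));
  if (authz.status !== 302 || !code) {
    throw new Error(`authorize step failed (HTTP ${authz.status})`);
  }
  const res = await fetch(TOKEN_URL, buildTokenRequest(code));
  if (!res.ok) throw new Error(`token step failed (HTTP ${res.status})`);
  return (await res.json()).access_token;
}
```

The npsso value and the returned token are account credentials: pass them in from the environment or a secret store and keep them out of logs and source control.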

ghost commented 3 years ago

I'll try to translate it into JavaScript code. I haven't had free time yet. Thanks a lot!

ghost commented 3 years ago

When I try to make a GET request using the fetch API, it shows the following message: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://m.np.playstation.net/api/... (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

When I use Invoke-WebRequest the CORS header isn't necessary. Any suggestion?