I did some more testing here @rp_st and I got something out of it:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://offscript.io/api/auth/authorisationurl?thirdPartyId=google. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://offscript.io/api/auth/authorisationurl?thirdPartyId=google. (Reason: CORS request did not succeed).

If I add CORS, then it goes to:

XHROPTIONShttps://offscript.io/api/auth/authorisationurl?thirdPartyId=google
CORS Preflight Did Not Succeed

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://offscript.io/api/auth/authorisationurl?thirdPartyId=google. (Reason: CORS preflight response did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://offscript.io/api/auth/authorisationurl?thirdPartyId=google. (Reason: CORS request did not succeed).

Same goes with Email/password.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://offscript.io/api/auth/signin. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://offscript.io/api/auth/signin. (Reason: CORS request did not succeed).