CORS problem with Oauth2 and ionic2

I’m learning ionic, my app should get data from my fitbit. I’ve set it upa as follows:

A node.js server (Server1) in my local machine, should get requests from the ionic app and do the authorization/callback loop with fitbit.

An ionic App, in development mode running on server 2 (CLI> ionic lab), making the requests to Server1.

My problem:
On Server1 I’ve set up everything to allow CORS traffic (Access-Control-Allow-Origin etc…) and my communication between the ionic client and the server is OK.

fitbit requires a fixed callback after authorization (that’s the reason for Server1), so the first call from the ionic app triggers a server1-side “get” to the fitbit API, which goes back to the callback in Server1.

Thats the issue: When fitbit goes back to the callback URI the headers are “null” and the authorization is denied. I’ve tried also to go back to my ionic app after the first authorization request and then trigger from ionic a second request to the callback uri, but it’s not working. I get allways the following error:

XMLHttpRequest cannot load<MY_HOST_AND SOME OIPTIONS>. Redirect from '<MY_HOST_AGAIN> to '<MY_HOST_THIRD_TIME> has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access.

Could you explain this and the series of requests a bit more? Best make it an ordered list with who is requesting what, redirecting where etc.

Sorry, I think I wrote this not very clear… My issue is:

The authorization requests goes like this:

step 1
MyIonicApp —> MyNode.JS server(get authorization) ----> dev

then, when fitbit sees all is ok, the fitbit sever knows the callback residing in my Node.JS server:

step 2 ----> MyNode.JS server callback: Get the code and a token from Fitbit, and store it.

step 3
MyIonicApp send request for data ----> MyNode.JS server asks fitbit, by adding token etc. --> fitbit,com

step 4.: sends the data —> MyNodeJS server ----> MyIonic APp

My problem is: Step 1 works ok, after step 1, when fitbit goes back to the MyNode.JS server, it tells a CORS error. It works when I disable chromes web security, but when deploying to my phone I’m still getting this error.

I read to try JSONP, I’m reading about it now…