Here is the first of our two stage PKCE flow (via iOS Native App):
https://YOUR_AUTH0_DOMAIN/authorize?
audience=API_AUDIENCE&
scope=SCOPE&
response_type=code&
client_id=YOUR_CLIENT_ID&
code_challenge=CODE_CHALLENGE&
code_challenge_method=S256&
redirect_uri=https://YOUR_APP/callback
Response status is 200 but the Auth0 return is the html for the Auth0 login page. Shouldn’t this already be in a format for the 2nd stage of the PKCE flow? Perhaps this means that the initial Auth0 PKCE entry point is not being parsed correctly? Or is the flow not described fully, are they required to login after the 1st stage and before the 2nd stage?
The expectation was a single line of html to parse for the 2nd stage:
(Call Your API Using the Authorization Code Flow with PKCE)