i am trying to integrate “@auth0/auth0-spa-js”: “^1.12.1” for “Authorization Code Grant Flow with PKCE”
when i do “getTokenSilently()” call, i see that first call goes to /authorize and return 200. however after that multiple “/oauth/token” calls goes but all end up in error.
i tried looking around but could not fine any issue.
I’m having the same issue. But I verified against Chrome, Safari, and Firefox on Mac OS where they all behave the same - 401 response. You may also see an error in your Console that says “Invalid State”.
There seems to be a number of different ways that Invalid State can be caused.
Those compatibility cookies will give you a warning, but shouldn’t be causing the problem. Can you please DM me a HAR file with a capture of the transaction.
@snehal.libra I just had support help me address my issue. The SPA was configured with POST for “Token Endpoint Authentication Method” (I didn’t set that, it was defaulted to POST when app was created). However, that seems to require Secret being passed. I had to change to Web Application, set the method to NONE, then changed it back to SPA and was able to get past the same 401 error. Hopefully that helps you as well.