Auth0 forcing response_type=code instead of token/id_token (Google Apps Script SPA)

futurehomeinspection · November 6, 2025, 1:14pm

I’m integrating Auth0 with a Google Apps Script web app (front-end only, no backend).

Even though my script calls /authorize with:
response_type=token id_token
response_mode=fragment

Auth0 keeps forcing:
response_type=code
response_mode=form_post
which causes “Callback URL mismatch.”

My deployed URL:

I suspect this happens because my Auth0 app is currently set as a “Regular Web Application,” but Google Apps Script is actually a Single Page Application (SPA).

Can someone confirm if changing the app type to “Single Page Application” (SPA) or enabling implicit flow is the correct fix?

Thank you!

nik.baleca · December 2, 2025, 6:55pm

Hi @futurehomeinspection

I am sorry about the delayed reply to your post!

Most likely, the issue can be caused by the application type mismatch in the Auth0 Dashboard which might force specific authorization flows. Do you still experience difficulties on the matter or have you found the root cause?

Kind Regards,
Nik

Topic		Replies	Views
Universal (hosted) login page defaults to authorization_code flow instead of implicit flow Get Help lock , auth0	2	3592	August 29, 2019
redirectUrl not working for SPA Get Help not-working , redirecturi	4	5839	March 2, 2018
Change response type of Auth0 authentication Get Help auth0 , api , login	4	4947	August 26, 2019
401/Unauthorized when obtaining token in Authorization Code grant Get Help	19	61591	November 8, 2022
How do I get id_token instead of access_token Get Help	8	6496	August 28, 2019

Auth0 forcing response_type=code instead of token/id_token (Google Apps Script SPA)

Related topics