Auth0-js with PKCE

Does the Auth0-js library support the Authorization Code Grant Flow with PKCE Grant? I do not see it in the auth0-js documentation.

Hey there!

This flow is aimed at mobile/native apps and auth0-js is not an SDK for this kind of things. This document should tell you everything that you need to know about this flow with PKCE:

and as far as I don’t know your usecase the SDK you potentially look for is auth0-spa-js (which is kinda deviation from auth0-js):

I believe this is incorrect. The authorization code flow with PKCE is certainly for SPAs. The implicit grant was historically used for SPAs because of browser limitations…which is no longer the case. FYI, your own documentation talks about this: OAuth2 Implicit Grant and SPA

Yes, that library looks nice, however I need to control the look and feel (i.e. embedded login), which that library does not support. So hoping to use the legacy library (auth0-js) for this flow rather than rolling my own.

Gotchya! Let me research that option and get back to you with the news soon!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Thanks for re-opening this @konrad.sopala. Have you had the time to research this?

As @mcardle.liam also mentioned, auth0-spa-js won’t work for many since it’s quite limited (not embeddable, not that great for custom UI, can’t have both the passwordless and password login methods present, etc.). It’d be great if auth0-js’s feature set wouldn’t be left behind, so people who wish to deviate from the planned flow could do so :raised_hands: :crossed_fingers:

That’s the product decision the team did long ago when designing auth0-spa-js and diffrentiating it from auth0-js. The best way to advocate for that would be to raise the GitHub issue in the auth0-js repo describing usecase and your struggle and then share the link to it with us here so you can talk about it directly with repo maintainers. Thanks!

https://github.com/auth0/auth0.js/issues/941

1 Like

Thanks I just pinged repo maintainers regarding that!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.