Auth0-js with PKCE

mcardle.liam · October 29, 2019, 5:56pm

Does the Auth0-js library support the Authorization Code Grant Flow with PKCE Grant? I do not see it in the auth0-js documentation.

konrad.sopala · October 30, 2019, 4:41pm

Hey there!

This flow is aimed at mobile/native apps and auth0-js is not an SDK for this kind of things. This document should tell you everything that you need to know about this flow with PKCE:

konrad.sopala · October 30, 2019, 4:48pm

and as far as I don’t know your usecase the SDK you potentially look for is auth0-spa-js (which is kinda deviation from auth0-js):

mcardle.liam · October 30, 2019, 7:54pm

I believe this is incorrect. The authorization code flow with PKCE is certainly for SPAs. The implicit grant was historically used for SPAs because of browser limitations…which is no longer the case. FYI, your own documentation talks about this: OAuth2 Implicit Grant and SPA

mcardle.liam · October 30, 2019, 7:56pm

Yes, that library looks nice, however I need to control the look and feel (i.e. embedded login), which that library does not support. So hoping to use the legacy library (auth0-js) for this flow rather than rolling my own.

konrad.sopala · October 31, 2019, 3:04pm

Gotchya! Let me research that option and get back to you with the news soon!

system · November 15, 2019, 3:04pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

ajv · April 15, 2020, 8:06am

Thanks for re-opening this @konrad.sopala. Have you had the time to research this?

As @mcardle.liam also mentioned, auth0-spa-js won’t work for many since it’s quite limited (not embeddable, not that great for custom UI, can’t have both the passwordless and password login methods present, etc.). It’d be great if auth0-js’s feature set wouldn’t be left behind, so people who wish to deviate from the planned flow could do so

konrad.sopala · April 15, 2020, 10:11am

That’s the product decision the team did long ago when designing auth0-spa-js and diffrentiating it from auth0-js. The best way to advocate for that would be to raise the GitHub issue in the auth0-js repo describing usecase and your struggle and then share the link to it with us here so you can talk about it directly with repo maintainers. Thanks!

ajv · April 28, 2020, 7:44am

https://github.com/auth0/auth0.js/issues/941

konrad.sopala · April 28, 2020, 8:02am

Thanks I just pinged repo maintainers regarding that!

system · May 13, 2020, 8:02am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.