Hi all.
I have started to get this error recently. It might be the same reason as you mention.
We are sometimes getting a code ending with a #(hashtag) first time a user authenticates with google.
When I post it to oauth/token, it always returns a 403.
I have tried with and without encoding the value, but it makes no difference.
Still works the second time the user gets a code (after he is added to the auth0 database). All other connections works fine (facebook, apple and email/password)
/Freddy