When the user logs in they are sent to https://YOUR_DOMAIN/authorize?
response_type=code&
client_id=YOUR_CLIENT_ID&
redirect_uri=https://YOUR_APP/callback&
scope=SCOPE&
state=STATE
After authenticating, they are sent to the redirect_uri along with a ‘code’ parameter, which can then be used via the https://YOUR_DOMAIN/oauth/token endpoint to exchange the code for a token.
Is it possible to obtain a ‘code’ value via API instead of through the authorize web page? For example, maybe this could be possible via an API provided I can already authenticate the user through a password grant. Or via the management API. This would be on a test domain.
The reason this is important is for automated browser testing via Cypress. There is documentation available for using Cypress when Auth0 is fully integrated into the app, but in my case Auth0 is used for single-sign on and then gets out of the way, and sessions are managed using a bespoke mechanism. So it is not possible to set cookies based on Auth0 values and expect the app to pick up on them. The only app endpoint available to me from Cypress is the redirect_url which needs to accept a ‘code’ argument.
Thank you for any suggestions.