We’re trying to write automated smoke tests against our platform, and as part of that effort we want to automate logging into auth0.
We’re using a standard ‘username-password’ connection in auth0 and using Authorization Code flow to log in.
We’ve been able to get it to work, but only if I pass the clientsecret as part exchanging the authorization code for an access token. I don’t understand why, because our mobile application is able to do this without the client secret.
I’ve created a git repo with my code here (https://github.com/Erwinvandervalk/DotnetAuth0Login) . Any tips on what i’m doing wrong with the client secret would be greatly appreciated.