Can I use Auth0 to return only an Authorization Code from an IDP?

Hi, I’m trying to use Auth0 to allow authentication against multiple Identity Providers (eg/ Okta, Google, etc) using OpenID Connect. What I need is to be able to have ONLY the Authorization code returned from the provider when the user successfully logs into the provider. I don’t want Auth0 SDK (tried JS and SPA SDK’s) automatically exchanging the Authorization Code for a token - I want to handle that.
Is this possible? I’ve tried everything I can think of and the SDK keeps on requesting a token - which I don’t want.


DISCLAIMER: This answer was auto-generated by an OpenAI bot.

Yes, it is possible to configure Auth0 to use only the Authorization Code flow and have your application handle the token exchange. To do this, you can disable the “Token Endpoint Authentication Method” setting in your Auth0 Dashboard.

Here are the steps to disable this setting:

  1. Log in to your Auth0 Dashboard and navigate to the “Applications” section.
  2. Select the application you want to configure.
  3. Under the “Application Settings” section, click on the “Advanced Settings” tab.
  4. Scroll down to the “OAuth” section and find the “Token Endpoint Authentication Method” setting.
  5. Set this setting to “None” and save your changes.

With this setting disabled, the Auth0 SDK will only return the Authorization Code to your application, and your application will be responsible for exchanging the code for an access token.

1 Like