Can't get access token using Authorization Code Flow API

Hi there!
I’m trying to get a token using node’s https client.
I follow the following guideline - Call Your API Using the Authorization Code Flow

  1. I make a call to /authorize with params like this:
    method: 'GET',
    host: 'poc-hs1.us.auth0.com',
    path: '/authorize?response_type=code&client_id=0AX0SJOUeExghDBBpZd4wIT9SNVBInqR&redirect_uri=http%3A%2F%2Flocalhost%3A3002%2Fapi%2Fauth%2Fcallback&scope=openid+profile+email+offline_access&audience=http%3A%2F%2Flocalhost%3A8080%2Fapi&state=1x2y3z4',

I expect to get the URL /callback?code=… as stated in the guideline, but it returns /login?state=…
Type of the application - Regular Web Application, grant type - authorization code.
P.S. With the current application setup I can easily get an access token with the client_credentials and password grant types.

Thanks for assistance.

Hi @pavlo.ignatenko,

Welcome to the Auth0 Community!

I understand that you need help with getting an access token with the Authorization Code grant flow.

Firstly, requesting the /authorize endpoint is the correct starting step to getting an access token.

Please note that the authorization code flow expects user interaction. Therefore, I recommend using a browser to get the /authorize endpoint:

https://poc-hs1.us.auth0.com/authorize?response_type=code&client_id=0AX0SJOUeExghDBBpZd4wIT9SNVBInqR&redirect_uri=http%3A%2F%2Flocalhost%3A3002%2Fapi%2Fauth%2Fcallback&scope=openid+profile+email+offline_access&audience=http%3A%2F%2Flocalhost%3A8080%2Fapi&state=1x2y3z4

On this login page, it will prompt the user to enter their credentials to log in.

Only after successfully logging in will the browser return the code in the URL that looks something like the following:

https://poc-hs1.us.auth0.com/callback?code={authorizationCode}&state=1x2y3z4

I hope the explanation was clear.

Please let me know if you have any questions.

Thanks,
Rueben
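
The three steps of the flow discussed above, as an added example that is not part of the original thread or Auth0's own code: building the /authorize URL for the browser, validating the callback's state before accepting the code, and preparing the code-for-token exchange. The tenant domain, client ID, client secret and authorization code are constructed placeholders, and the function names are the example's own.

```javascript
// Added example. Tenant, client ID, secret and code are constructed placeholders.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const DOMAIN = 'tenant.example.auth0.com';
const CLIENT_ID = 'EXAMPLE_CLIENT_ID';
const REDIRECT_URI = 'http://localhost:3002/api/auth/callback';

// Step 1: URL the user's browser opens. state is random per login attempt and
// must be stored server-side (e.g. in the session) until the callback arrives.
function buildAuthorizeUrl(state = randomBytes(16).toString('hex')) {
  const url = new URL(`https://${DOMAIN}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope: 'openid profile email offline_access',
    audience: 'http://localhost:8080/api',
    state,
  }).toString();
  return { url: url.toString(), state };
}

// Step 2: handle the redirect back to REDIRECT_URI after the user logs in.
function parseCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  // Reject callbacks whose state was not issued by us (login CSRF protection).
  if (got.length !== want.length || !timingSafeEqual(got, want)) throw new Error('state mismatch');
  const code = params.get('code');
  if (!code) throw new Error('callback carries no code');
  return code;
}

// Step 3: form body for the server-side POST to https://DOMAIN/oauth/token.
function tokenRequestBody(code, clientSecret) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: CLIENT_ID,
    client_secret: clientSecret,
    code,
    redirect_uri: REDIRECT_URI,
  }).toString();
}

const login = buildAuthorizeUrl();
console.log('Open in a browser:', login.url);
```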

Thanks a lot, Rueben, for such a prompt response.
We’re creating tests which communicate with the backend service directly.
Probably you could suggest another flow using user credentials but without interaction with a browser, through the API only?
Thanks in advance.

Hi @pavlo.ignatenko,

Thank you for your response.

In this situation, I recommend using the Client Credentials flow to get an access token without user interaction that grants access to your API.

See the Call Your API Using the Client Credentials Flow documentation for more information.

Please let me know if you need further clarification on these instructions.

Thanks,
Rueben
