Hi,
I’m trying to implement the SPA login flow (Auth0 Vue SDK Quickstarts: Login) for an existing Auth0 application. We are migrating from machine-machine login to OAuth login in the browser.
I’m seeing an error when trying to exchange a “code” for an oauth token use the Auth0 SPA JS library. The response from Auth0 is {"error":"access_denied","error_description":"Unauthorized"} and this is caused because the request is sent with the application/json content type (due to auth0-spa-js/utils.ts at fd21bc5806fa3bc30a854779bbffeb648fb6e7bd · auth0/auth0-spa-js · GitHub). If I construct an equivalent request with the application/x-www-form-urlencoded content type then I get a token back in the response and everything works.
Is there a setting on my Auth0 Application that I can change to allow application/json requests?
Here’s the failing request (copied from dev tools)
curl 'https://redacted.eu.auth0.com/oauth/token' -H 'Sec-Fetch-Mode: cors' -H 'Referer: http://localhost:8081/login?code=redacted&state=Q0otOC1jMW0wVlJvR0h1MUJVSkhqaWxSdlpmVWp6fkNwd010QkNNUTdmMQ%3D%3D' -H 'Origin: http://localhost:8081' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36' -H 'Content-type: application/json' --data-binary '{"grant_type":"authorization_code","redirect_uri":"http://localhost:8081","client_id":"redacted","code_verifier":"RZ88iGYNaJIcb~GxUocHEhHdOVfOErwqIuZUpmdieoE","code":"redacted"}' --compressed