I am having an issue with my application that uses a custom social connection in Auth0 with Tiendanube as the provider. The user is created correctly in Auth0 and in my database, and the user information is properly fetched with the Fetch User Profile function. However, when the user is redirected to the return URL after logging in, Auth0 does not authenticate the user in my application.
Upon checking the user’s session in my application, I found that undefined. My application is a React single-page application, and the redirect URI works well for providers like Google, but it is not authenticating the user who logged in with the Tiendanube connection.
I have conducted numerous tests and verified that all URLs are correctly configured. For the Tiendanube connection, I used the following start URL: https://www.tiendanube.com/apps/CLIENT_ID/authorize. For the token, I use a proxy in my backend to communicate with Tiendanube, returning the data as required by Auth0. I have tested this and it works perfectly.
The problem is that, after authenticating, when the user returns to the redirect page, in the case of Tiendanube, it remains unauthenticated, having the state as query parameters, but Auth0 does not make the POST to oauth/token. I do not have the code_verifier, so I cannot make the POST manually, which results in an error. Additionally, I do not believe that this would be a solution since Auth0 handles this POST automatically for all social connection providers.
In my implementation, everything works correctly except for the last step, as Auth0 does not make the POST, and the user is not fully authenticated.
I was able to make it work correctly when the Tiendanube redirect was sent directly to Auth0. However, I had to remove this functionality because users can install the application directly by granting permission without ever having gone through the Auth0 login screen. When they accept the permissions, they are redirected to Auth0, and since there is no session in cookies or elsewhere, it throws an error indicating that the button was pressed too many times. For this reason, I had to add an intermediate screen to check whether there is a session or not, using a custom variable in localStorage.
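
The relationship between the state parameter and the code_verifier mentioned in the post, sketched as an added example (not part of the original post and not Auth0 SDK code): in PKCE (RFC 7636) the client that starts the login generates the verifier and stores it under the state it sent, so a callback carrying a state this client never issued has no verifier to send to the token endpoint. `createTransactionStore` and its in-memory Map are hypothetical stand-ins for the browser storage a single-page application would use.

```javascript
// Added illustration of PKCE (RFC 7636) bookkeeping; names are hypothetical.
const nodeCrypto = require('node:crypto');

const b64url = (buf) => buf.toString('base64url');

// S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function challengeFor(codeVerifier) {
  return b64url(nodeCrypto.createHash('sha256').update(codeVerifier, 'ascii').digest());
}

function createTransactionStore() {
  const pending = new Map(); // state -> code_verifier, kept by the initiating client

  return {
    // Called when THIS client starts a login: only the challenge leaves the client.
    begin() {
      const state = b64url(nodeCrypto.randomBytes(16));
      const codeVerifier = b64url(nodeCrypto.randomBytes(32));
      pending.set(state, codeVerifier);
      return { state, codeChallenge: challengeFor(codeVerifier), codeChallengeMethod: 'S256' };
    },

    // Called on the redirect page with the query string it received.
    handleCallback(query) {
      const params = new URLSearchParams(query);
      const code = params.get('code');
      const state = params.get('state');
      const codeVerifier = state ? pending.get(state) : undefined;

      if (!code || !codeVerifier) {
        // No transaction for this state (flow started elsewhere, or a replay):
        // there is nothing valid to POST, so start a fresh login instead.
        return { action: 'restart_login', reason: 'no stored transaction for state' };
      }
      pending.delete(state); // a transaction is single use
      // client_id and redirect_uri are also required in a real token request.
      return {
        action: 'exchange',
        body: { grant_type: 'authorization_code', code, code_verifier: codeVerifier },
      };
    },
  };
}
```
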