Does a React SPA with `@auth0/auth0-react` automatically configure/handle Authorization Code Flow with PKCE?

Yes, the `@auth0/auth0-react` library automatically handles the Authorization Code Flow with PKCE (Proof Key for Code Exchange) in a React SPA. You don’t need to implement it manually. The library takes care of generating the PKCE code verifier and challenge, exchanging the authorization code for tokens, and handling token rotation and refresh automatically.

To configure the library for Authorization Code Flow with PKCE, you need to provide the necessary configuration parameters in the `Auth0Provider` component. These parameters include `clientId`, `domain`, and `redirectUri`. You can find the detailed documentation for the configuration and usage of `@auth0/auth0-react` in the official Auth0 documentation: https://auth0.com/docs/quickstart/spa/react

The documentation provides step-by-step instructions on how to set up the React SPA with `@auth0/auth0-react` and explains the concepts and features related to authentication and authorization using Auth0. It will help you understand the configuration options and make informed decisions for future implementations.
