Error: Invalid authorization code

Hi,

I’m trying to create an application that could log in to another application using the implicit flow.
So I have 2 apps, let’s say:

  • Bankin’Pro
  • TravelBudy

Bankin’Pro is the app that has the user info and TravelBudy is the app where the user is trying to log in using the button “Connect with Bankin’Pro”.

Here’s the code on TravelBudy:

  const login = async () => {
    const auth0 = await createAuth0Client({
      domain: "bankinpro.eu.auth0.com",
      clientId: "xxx",
    });

    const res = await auth0.loginWithPopup({
      authorizationParams: {
        scope: "openid profile email",
        redirect_uri: "http://localhost:3000/",
        client_id: "<travel_budy_client_id>",
      },
    });
  };

The popup opens, I can log in to the Bankin’Pro app, then I have the consent page where it asks if I want to share my Bankin’Pro data with TravelBudy, I consent, and then I got this error:

{"error":"invalid_grant","error_description":"Invalid authorization code"}

Seems like it sends a POST request to this Bankin’Pro endpoint: https://bankinpro.eu.auth0.com/oauth/token
Error: Invalid authorization code

Do you guys have any idea what’s wrong?

Hi @gamcoh

Welcome to the Auth0 Community!

Thank you for posting your question! To secure your application best, I suggest switching to the Authorization Code Flow with PKCE. Regarding your current code, can you try including a response type in your request code?

  authorizationParams: {
    ...
    response_type: 'token' // Specify the response type for the implicit flow
  },

Thanks
Dawid
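
The reply above recommends the Authorization Code Flow with PKCE. As an added example (not code from either poster or from Auth0), this simplified Node.js model of a token endpoint shows the checks from RFC 6749 section 4.1.3 and RFC 7636 section 4.6 that make a code redemption fail with invalid_grant. The client ids, the in-memory store and the function names are assumptions for illustration.

```javascript
// Simplified model of an authorization server; not Auth0's implementation.
const { createHash, randomBytes } = require("node:crypto");

const b64url = (buf) => buf.toString("base64url");
// PKCE S256: code_challenge = BASE64URL(SHA256(code_verifier))
const s256 = (verifier) => b64url(createHash("sha256").update(verifier).digest());

const codes = new Map(); // authorization code -> what it was bound to at /authorize

// /authorize: issue a code bound to the client, redirect URI and PKCE challenge.
function authorize({ client_id, redirect_uri, code_challenge }) {
  const code = b64url(randomBytes(16));
  codes.set(code, { client_id, redirect_uri, code_challenge, expires: Date.now() + 60_000 });
  return code;
}

// /oauth/token: every binding must match, and a code is redeemable only once.
function redeem({ code, client_id, redirect_uri, code_verifier }) {
  const grant = codes.get(code);
  codes.delete(code); // single use, even when the attempt fails
  const ok =
    grant !== undefined &&
    grant.expires > Date.now() &&
    grant.client_id === client_id &&        // code was issued to this client
    grant.redirect_uri === redirect_uri &&  // same redirect URI as at /authorize
    typeof code_verifier === "string" &&
    grant.code_challenge === s256(code_verifier);
  return ok
    ? { access_token: b64url(randomBytes(24)), token_type: "Bearer" }
    : { error: "invalid_grant", error_description: "Invalid authorization code" };
}

// Constructed sample values; "travelbudy-spa" and "other-client" are hypothetical ids.
function demo() {
  const verifier = b64url(randomBytes(32));
  const base = { client_id: "travelbudy-spa", redirect_uri: "http://localhost:3000/" };
  const start = () => authorize({ ...base, code_challenge: s256(verifier) });
  const good = start();
  return {
    otherClient: redeem({ ...base, code: start(), client_id: "other-client", code_verifier: verifier }),
    wrongVerifier: redeem({ ...base, code: start(), code_verifier: b64url(randomBytes(32)) }),
    valid: redeem({ ...base, code: good, code_verifier: verifier }),
    replay: redeem({ ...base, code: good, code_verifier: verifier }),
  };
}
```

When debugging this error, compare the client_id, redirect_uri and code_challenge sent in the authorize request with the client_id, redirect_uri and code_verifier sent in the POST to /oauth/token.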