I’m using the generated nodejs express sample app that uses: GitHub - auth0/express-openid-connect: An Express.js middleware to protect OpenID Connect web applications.
- I have a regular web application in auth0
- I downloaded the sample app, and it works out of the box fine
- My app needs to get an accessToken so I followed the directions about `response_type: code` in the `auth` config (below)
- Now after successful login and consent, the redirect fails at `/callback` with a 400 and `access_denied`
- auth0 logs show a `Failed Exchange` error of `Unauthorized`
- the app’s token endpoint auth method is POST

I’m not sure what to do here or what the issue is.
```js
const config = {
  authRequired: false,
  auth0Logout: true,
  clientSecret: process.env.SECRET,
  authorizationParams: {
    response_type: 'code',
    scope: 'openid profile email read:whatever',
    audience: 'https://my-email-test-service',
    prompt: 'consent'
  }
};
```
The 400 unauthorized is displayed on this uri:
`http://localhost:3000/callback?code=SditZiRrQswFl1bLW8veGnwsveNbxIxxxxxxxx&state=eyJyZXR1cxxxxxxxxJ9`