Express-openid-connect response_type: code = 400 access_denied

bitsofinfo · June 15, 2022, 2:23am

I’m using the nodejs express sample app generated that uses: GitHub - auth0/express-openid-connect: An Express.js middleware to protect OpenID Connect web applications.

I have a regular web application in auth0
I downloaded the sample app, and it works out of the box fine
My app needs to get an accessToken so I followed the directions about response_type: code in the auth config (below)
Now after successful login, and consent the redirect fails at /callback with a 400 and access_denied
auth0 logs show a Failed Exchange error of Unauthorized
the app’s token endpoint auth method is POST

I’m not sure what to do here or what the issue is.

const config = {
  authRequired: false,
  auth0Logout: true,
  clientSecret: process.env.SECRET,
  authorizationParams: {
    response_type: 'code',
    scope: 'openid profile email read:whatever',
    audience: 'https://my-email-test-service',
    prompt: 'consent'
  } 
};

The 400 unauthorized is displayed on this uri

http://localhost:3000/callback?code=SditZiRrQswFl1bLW8veGnwsveNbxIxxxxxxxx&state=eyJyZXR1cxxxxxxxxJ9`

bitsofinfo · June 15, 2022, 4:40pm

fixed this by ensuring that clientSecret is the CLIENT_SECRET… not the rando SECRET value that the app generates in the sample app

Topic		Replies	Views
Gettting Issuer.discover(error) using express-openid-connect Knowledge Articles	1	1931	May 17, 2023
Mysterious /oauth/token errors of "invalid grant" and "Invalid authorization code". Help token-endpoint	3	14627	March 2, 2018
Login on a React SPA via ExpressJS backend (express-openid-connect) Help configuration , application	2	731	April 3, 2024
refreshToken missing from request.oidc Help oidc , refresh_token	3	3422	January 6, 2022
"invalid_request: Unknown client" when attempting to get access token via Postman Help configuration , application	4	1054	March 1, 2024

Express-openid-connect response_type: code = 400 access_denied

Related Topics