Generic OAuth Connection with Polar Flow Failing


Currently I’m trying to add a custom social connection using the generic OAuth approach.
The goal is that my customers can log in using Polar Flow. I have added everything as the Auth0 and the Polar documentation describe.

Every time I log in using Polar Flow, I get an error similar to this:

{
  "date": "2020-10-31T12:26:55.078Z",
  "type": "f",
  "connection": "Polar-Access-Link",
  "connection_id": "SOME_CONNECTION_ID",
  "client_id": "SOME_CLIENT_ID",
  "client_name": "All Applications",
  "ip": "SOME_IP",
  "user_agent": "SOME_USER_AGENT",
  "details": {
    "body": {},
    "qs": {
      "state": "SOME_STATE",
      "code": "SOME_CODE"
    },
    "connection": "Polar-Access-Link",
    "error": {
      "oauthError": "invalid_request",
      "type": "request-error"
    },
    "session_id": "SOME_SESSION_ID"
  },
  "hostname": "SOME_HOSTENAME",
  "strategy": "oauth2",
  "strategy_type": "social",
  "log_id": "90020201031122700188000481895412990414434796134750748706",
  "_id": "90020201031122700188000481895412990414434796134750748706",
  "isMobile": false,
  "description": "User failed to login"
}

Currently I think I have figured out that the problem could be the access token exchange. Getting the authorization code is working well and the token is valid.

I have tested the OAuth login with Polar Flow manually using Insomnia and it is working well. Therefore, there must be a problem concerning Auth0.

The documentation for Polar Flow can be found here: Polar Flow Auth

I have spent some more time investigating this issue and found the problem.
Therefore I built a proxy to the token endpoint of Polar Flow and send them only the data they are expecting.
In addition, I found out what the token request by Auth0 looks like:

  "body": {
    "grant_type": "authorization_code",
    "redirect_uri": "SOME_REDIRECT_URI",
    "client_id": "SOME_CLIENT_ID",
    "client_secret": "SOME_CLIENT_SECRET",
    "code": "SOME_CODE"
  "header": {
    "connection": "Keep-Alive",
    "host": "SOME_HOST",
    "content-length": "246",
    "accept-encoding": "gzip",
    "user-agent": "Auth0 (",
    "content-type": "application/x-www-form-urlencoded",

Finally I figured out that Polar Flow is restricting their token endpoint to not receive a client_id in the body. After pruning it in my proxy, everything worked well.

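The fix described in the post above, sketched as an added example (not the poster's proxy and not Auth0 or Polar code): a Node.js helper that removes `client_id` from the form body before it is forwarded to the token endpoint, and keeps the secret and the authorization code out of the proxy's logs. The function names, the sample body, the duplicate-parameter check and the optional move of the credentials into an HTTP Basic header are assumptions, not something the thread confirms.

```javascript
// Added example. Names and sample values are constructed for illustration.
const SECRET_FIELDS = new Set(["client_secret", "code"]);

// Rewrite the form body Auth0 sends so the upstream never sees client_id.
// basicAuth=true (assumption: the upstream accepts RFC 6749 section 2.3.1
// Basic client authentication) also moves the secret out of the body.
function rewriteTokenRequest(rawBody, { basicAuth = false } = {}) {
  const incoming = new URLSearchParams(rawBody);
  const seen = new Set();
  for (const key of incoming.keys()) {
    // RFC 6749: request parameters must not appear more than once.
    if (seen.has(key)) throw new Error(`duplicate parameter: ${key}`);
    seen.add(key);
  }
  if (incoming.get("grant_type") !== "authorization_code") {
    throw new Error("unsupported grant_type");
  }
  const clientId = incoming.get("client_id");
  const clientSecret = incoming.get("client_secret");
  const outgoing = new URLSearchParams(incoming);
  outgoing.delete("client_id"); // the field the post found the endpoint rejecting
  const headers = { "content-type": "application/x-www-form-urlencoded" };
  if (basicAuth) {
    if (!clientId || !clientSecret) throw new Error("missing client credentials");
    outgoing.delete("client_secret");
    const pair = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
    headers.authorization = `Basic ${pair}`;
  }
  return { body: outgoing.toString(), headers };
}

// Log-safe view of a token request: the proxy handles the client secret and
// the one-time code, so neither should reach its logs.
function redactForLog(rawBody) {
  const params = new URLSearchParams(rawBody);
  for (const key of [...params.keys()]) {
    if (SECRET_FIELDS.has(key)) params.set(key, "REDACTED");
  }
  return params.toString();
}

// Forwarding step (Node 18+ global fetch); upstreamUrl comes from the
// provider's documentation and is supplied by the caller.
async function forwardTokenRequest(rawBody, upstreamUrl, options) {
  const { body, headers } = rewriteTokenRequest(rawBody, options);
  console.log("token request:", redactForLog(body));
  return fetch(upstreamUrl, { method: "POST", headers, body });
}

// Constructed sample mirroring the request body shown in the post.
const SAMPLE_BODY = "grant_type=authorization_code&redirect_uri=https%3A%2F%2Ftenant.example%2Fcallback" +
  "&client_id=SOME_CLIENT_ID&client_secret=SOME_CLIENT_SECRET&code=SOME_CODE";
```

A proxy like this sits in the credential path, so it should be reachable only over TLS and only by the identity provider that calls it.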

Perfect, glad to hear that! Thanks for sharing it with the rest of the community!
