Hi there:
We’re using svelte/sveltekit for a new “Regular Web” application, and we’re testing implementation of the basic Authorization Code Flow as recommended by auth0. After the user logs in and we receive the authorization code, we redirect them back to our callback endpoint, where our server tries to exchange the code for a token.
```ts
export async function get(req) {
  const code = req.url.searchParams.get("code");
  const accessToken = await getAccessToken(code);
  return {
    body: JSON.stringify(accessToken)
  }
}
```
The getAccessToken function looks as follows:
```ts
function getAccessToken(code: string) {
  return axios.post<{ accessToken: any }>(
    config.auth0.tokenAuthEndpoint,
    {
      client_id: config.auth0.clientId,
      client_secret: AUTH0_CLIENT_SECRET,
      code: code,
      grant_type: "authorization_code",
      redirect_uri: "http://localhost:3000"
    },
    {
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      }
    },
  ).then(response => {
    return response.data.accessToken;
  }).catch(error => {
    console.log(error);
  });
}
```
This request returns a 401 error (access denied). The same request with the same parameters using curl succeeds.
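An added example, not part of the original post: when curl succeeds and the axios call returns 401, one thing to check is how the request body is actually encoded. It assumes (the post does not say) an axios release that JSON-serializes a plain-object body even when the `Content-Type` header says `application/x-www-form-urlencoded`; all parameter values and helper names are constructed placeholders.

```javascript
// Added example. Every value below is a constructed placeholder.
const params = {
  grant_type: "authorization_code",
  client_id: "EXAMPLE_CLIENT_ID",
  client_secret: "EXAMPLE_CLIENT_SECRET",
  code: "EXAMPLE_AUTH_CODE",
  redirect_uri: "http://localhost:3000",
};
const REQUIRED = Object.keys(params);

// Body in the key=value&key=value form that the header announces.
function encodeForm(p) {
  return new URLSearchParams(p).toString();
}

// Fields a server recovers when it form-decodes a body, which is what the
// Content-Type application/x-www-form-urlencoded asks it to do.
function decodeForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Report which token-request parameters survive form decoding.
function checkTokenRequestBody(body) {
  const fields = decodeForm(body);
  const missing = REQUIRED.filter((k) => !fields[k]);
  return { ok: missing.length === 0, missing };
}

// RFC 6749 section 5.1 names the response field access_token (snake case).
function extractAccessToken(data) {
  if (!data || typeof data.access_token !== "string") {
    throw new Error("token response has no access_token field");
  }
  return data.access_token;
}

// Assumed axios behaviour (see lead-in): the object goes out as JSON text.
const jsonBody = JSON.stringify(params);
const formBody = encodeForm(params);
console.log("JSON body:", checkTokenRequestBody(jsonBody));
console.log("form body:", checkTokenRequestBody(formBody));
```

axios accepts a `URLSearchParams` instance or an already encoded string as the request data, which sends the body in the form the header declares.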