How to use the authorization code from auth0 with my API after redirect

I’m building a SaaS project that requires authentication (duh!) and for that I am using Auth0. I’ve managed to the steps detailed here successfully.

Code from above link:

https://YOUR_DOMAIN/authorize?
response_type=code&
client_id=YOUR_CLIENT_ID&
redirect_uri=https://YOUR_APP/callback&
scope=SCOPE&
audience=API_AUDIENCE&
state=STATE

But I’m not sure what to do when I redirect to the redirect_url (here my dashboard url, e.g: dashboard.example.com). I mean I don’t know how to use this code.

I get the code appended to url after redirect, so I think everything’s working, but am not sure how to use it further to populate the dashboard with user details and retrieve content.

Do I use my API endpoint here instead of the dashboard url?

Hope my question is clear.

Any help would be wonderful! Thanks in advance!

Hi @vnp01,

In order to give you the most relevant information, can you tell us a little bit about your app (is it a spa or regular web app, what language are you using, which SDK are you using, .etc)?

The Auth0 SDKs provide a simplified way of handling the code exchange for your app. You can find example apps in our Auth0 Docs. In general, your app will need to exchange the authorization code for an Access Token and ID Token by sending a POST to your Auth0 tenant’s /oauth/token endpoint:


curl --request POST \
  --url 'https://YOUR_DOMAIN/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=authorization_code \
  --data 'client_id=YOUR_CLIENT_ID' \
  --data client_secret=YOUR_CLIENT_SECRET \
  --data code=YOUR_AUTHORIZATION_CODE \
  --data 'redirect_uri=https://YOUR_APP/callback'

The ID Token is used by your app to get basic profile information and the Access Token is used for your app to send with API requests.

But how do i get the AUTHORIZATION_CODE? :confused:
The Docs say i have to get the code from my response header. I’ve been trying to send a http GET request in my Java Springboot Web App but can’t find a “location” header.