Is there any way to remove access token from url?

If i want to remove access token from url, does auth0 support PKCE and if it does, do we need to have enterprise connections openid. Please share code snippet or github link

Hi @narasing.kokane,

Welcome back to the Community!

This question can be answered with a simple web search. Please give a baseline attempt at answering your own question before creating a topic.

Yes we support PKCE.

I have no idea what language or framework you are working with, but I bet if you do a web search for {your framework} auth0 you will see many valuable responses.

I am using Angular framework. I tried to remove access token that gets appended to the url while logging in by using responseMode: ‘form_post’ , that works but in this case i get an error “cannot post to/callback”. How this needs to be fixed ?

One more question is, Do i require any Enterprise Connections like pingID or open id connect for removing access token from URL ?
Params being passed are
auth0 = new auth0.WebAuth({
clientID: clientID,
domain: domain,
responseType: ‘token id_token’,
responseMode: ‘form_post’,
audience: audience,
redirectUri: callbackURL,
scope: scope,
connection: ‘db’,
leeway: 120,
prompt: ‘none’
});

You are using Auth0.js. This is our older JS SDK that does not use the PKCE flow.

Have you looked at our angular quickstart?