This code parameter is the authorization code (as per OAuth2 Authorization Code Grant + PKCE) you get back from the authorization server (=Auth0), in the URL. So, this code snippet checks for this authorization code in the URL and then knows whether to proceed further with handling the callback logic (= if such code exists in the URL).
At this time, there is no code= in the URL, so we skip handleRedirectCallback
My app calls isAuthenticated
The user is not logged in, so we skip getUser
My app calls loginWithPopup
User is redirected to Auth0 login page
User enters credentials successfully
User is redirected back to specified page of my app
My app calls createAuth0Client again
This time, code= is in the URL
My app calls handleRedirectCallback, which returns an appState object
My app calls isAuthenticated
Since the user is authenticated, my app calls getUser
Questions:
Do I have the process correct?
Where can I find documentation on what the appState object contains? From what I see in the example, it at least has a targetUrl property. Are there any other properties?
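The callback check described in the post (is there a code in the URL, so should the callback handling run?), as an added example that is not part of the original post or of the Auth0 SDK. It goes a little beyond the post by also looking at the standard OAuth2 `state` and `error` parameters. `classifyCallback`, `expectedState` and the sample URLs are hypothetical, and it assumes the app issued and stored its own `state` value.

```javascript
// Added example: decide what to do with the current URL before running
// any redirect-callback handling. Pure function, no network access.
// classifyCallback and expectedState are hypothetical names.
function classifyCallback(href, expectedState) {
  // Parse the query string properly: an exact parameter-name match means
  // something like promo_code= is never mistaken for code=.
  const params = new URL(href).searchParams;
  const code = params.get("code");
  const state = params.get("state");
  const error = params.get("error");

  // A failed login comes back with error= instead of code=.
  if (error !== null) {
    return { action: "show_error", error, description: params.get("error_description") };
  }
  // No authorization code: ordinary page load, not a callback.
  if (code === null || code === "") {
    return { action: "skip" };
  }
  // A code that arrives without the state this session issued
  // was not requested by this browser session.
  if (state === null || state !== expectedState) {
    return { action: "reject", reason: "state_mismatch" };
  }
  return { action: "handle_callback" };
}

// Constructed sample URLs (not taken from the post).
const samples = [
  "https://app.example/",
  "https://app.example/?promo_code=SUMMER",
  "https://app.example/?code=abc123&state=xyz",
  "https://app.example/?code=abc123&state=other",
  "https://app.example/?error=access_denied&error_description=User%20cancelled&state=xyz",
];
for (const url of samples) {
  console.log(url, "->", classifyCallback(url, "xyz").action);
}
```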