Mysterious code in Auth0 React wrapper

I’m attempting to use the Auth0 React wrapper, and I’m wondering what this if statement is intended to do:

if ("code=")) {
    const { appState } = await this.auth0Client.handleRedirectCallback();

I’ve looked in the sample app on github and can find no reference to this “code=” param.

This code parameter is the authorization code (as per OAuth2 Authorization Code Grant + PKCE) you get back from the authorization server (=Auth0), in the URL. So, this code snippet checks for this authorization code in the URL and then knows whether to proceed further with handling the callback logic (= if such code exists in the URL).

Let us know if you have any other questions regarding that!

Thank you! I do have a couple more questions.

So it seems like this is the process:

  1. User is logged out
  2. User navigates to my app
  3. My app calls createAuth0Client
  4. At this time, there is no code= in the URL, so we skip handleRedirectCallback
  5. My app calls isAuthenticated
  6. The user is not logged in, so we skip getUser
  7. My app calls loginWithPopup
  8. User is redirected to Auth0 login page
  9. User enters credentials successfully
  10. User is redirected back to specified page of my app
  11. My app calls createAuth0Client again
  12. This time, code= is in the URL
  13. My app calls handleRedirectCallback, which returns an appState object
  14. My app calls isAuthenticated
  15. Since the user is authenticated, my app called getUser


  1. Do I have the process correct?
  2. Where can I find documentation on what the appState object contains? From what I see in the example, it at least has a targetUrl property. Are there any other properties?

Hey @konrad.sopala, Do you have a minute to look at my question (just above this one)?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.