
Node JS Authorization code grant question


#1

Here is the scenario I would like to achieve:

  • User authenticated using:
    // Start the authorization code flow (redirects the browser to Auth0)
    router.get('/login', passport.authenticate('auth0', {
      clientID: env.AUTH0_CLIENT_ID,
      domain: env.AUTH0_DOMAIN,
      redirectUri: env.AUTH0_CALLBACK_URL,
      responseType: 'code',
      audience: 'https://' + env.AUTH0_DOMAIN + '/userinfo',
      scope: 'openid profile'
    }), function(req, res) {
      res.redirect("/");
    });

  • Get the user profile and do some validation:
    // passport.authenticate() exchanges the code from the query string here
    router.get('/callback',
      passport.authenticate('auth0', {
        failureRedirect: '/failure'
      }),
      function(req, res) {
        res.redirect(req.session.returnTo || '/user');
      }
    );

  • Send the authorization code received from the authentication process to 3rd party for an Authorization code grant.

The problem is, once my callback is called and this runs
    passport.authenticate('auth0', {
      failureRedirect: '/failure'
    }),
the authorization code has already been exchanged and I cannot use it again.
How can I get another code to be used without the need to re-authenticate the user again?
I might be looking at this the wrong way. The dilemma is that I need to capture the user profile before sending the code to the 3rd party.
Appreciate your help, guys. I've been looking at this for the past 2 days :frowning:
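
The behaviour described in the post (a code that cannot be redeemed a second time) follows from the token-endpoint rules in RFC 6749 sections 4.1.2 and 4.1.3. The sketch below is an added example, not part of the original post and not Auth0's code; the `CodeStore` class, the client ids and the URLs are constructed for illustration.

```javascript
// Toy in-memory model of an authorization server's code handling.
// All names and values are hypothetical; this is not Auth0's implementation.
const { randomBytes } = require('crypto');

class CodeStore {
  constructor(ttlMs = 60_000) {
    this.ttlMs = ttlMs;
    this.codes = new Map(); // code -> { clientId, redirectUri, sub, expiresAt, used }
  }

  // Authorization endpoint: bind the code to the client and redirect URI.
  issue(clientId, redirectUri, sub, now = Date.now()) {
    const code = randomBytes(16).toString('hex');
    this.codes.set(code, { clientId, redirectUri, sub, expiresAt: now + this.ttlMs, used: false });
    return code;
  }

  // Token endpoint: every failed check maps to the same OAuth error, invalid_grant.
  redeem(code, clientId, redirectUri, now = Date.now()) {
    const deny = (reason) => ({ error: 'invalid_grant', reason });
    const rec = this.codes.get(code);
    if (!rec) return deny('unknown code');
    if (rec.used) return deny('code already redeemed');
    if (now > rec.expiresAt) return deny('code expired');
    if (rec.clientId !== clientId) return deny('code issued to another client');
    if (rec.redirectUri !== redirectUri) return deny('redirect_uri mismatch');
    rec.used = true; // single use: mark before handing out tokens
    return { access_token: randomBytes(16).toString('hex'), sub: rec.sub };
  }
}

function demo() {
  const as = new CodeStore();
  const cb = 'https://app.example/callback'; // constructed redirect URI
  const code = as.issue('app-client', cb, 'user-1');
  const first = as.redeem(code, 'app-client', cb);   // the callback handler's exchange
  const second = as.redeem(code, 'app-client', cb);  // same code presented again
  const fresh = as.issue('app-client', cb, 'user-1');
  const other = as.redeem(fresh, 'third-party-client', cb); // unused code, different client
  return { first, second, other };
}
```

The third case shows that an unused code is still rejected when a different client presents it, because the code is bound to the client it was issued to.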


#2