Question:
I the doc, section titled “Execute an authorization grant flow”, the first step is to get the User’s Authorization.
The doc, states “To begin an Authorization Code flow, your web application should first send the user to the authorization URL: etc”.
My appologies if this question is a basic nodejs development related one, but how do you do that in nodejs? Are we talking to make a http POST request to the URL?
This quick start uses express + passport.js to initiate this flow. That code is well encapsulated. This is the exact line that does this with middleware:
This is how it works. When the server is spun up it configures passport.js with the passport-auth0 strategy. When calling the login endpoint it checks the session for a valid/authenticated user. If one doesn’t exist that endpoint will redirect the user to the /authorize endpoint to trigger Authorization Code Flow.
Then after the user successfully logs in Auth0 will redirect the user back to here:
This also uses passport.js middle ware to do the code exchange. It is actually using the auth0 strategy as well to do the state validation and code exchange. You can see how passport and the auth0 strategy are configured here: