OAuth Authorization URL

jaumesagues · April 26, 2024, 3:25pm

I have got tokens using Client Credentials with Machine to Machine Application. To get these tokens, I used to send requests (POST) with postman to OAuth Token URL

Now, I would like to get tokens from a Single Page Application and I see that Client Credentials is not available.

First of all I’m trying to get tokens using Implicit grant type, and I think that I must use OAuth Authorization URL (Add Login Using the Implicit Flow with Form Post). However, I get an error message “Not found”. I have checked Implicit Grant Types in advanced settings of my Single Page Application.

Is it correct the OAuth Authorization URL? Which could be the cause of my error?

Thanks

peter.fernandez · April 29, 2024, 1:44pm

@jaumesagues

For a SPA, the recommendation is to use Authorization Code Flow with PKCE. I’d also recommend using one of the Auth0 SDKs as well, and you can find out more about these here.

Hope this helps

jaumesagues · April 29, 2024, 1:52pm

Thanks for your help.

Does it make sense to use Postman to verify the performance of our SPA?

peter.fernandez · April 29, 2024, 2:03pm

I think Postman can be configured to use the Authorization Code grant - see here for additional details. But if you’re using it to get an Access Token, you’re not really testing the performance of the SPA; you’re simply testing the performance of your API…and the performance of Auth0

Topic		Replies	Views
How access token is not exposed on the client side? Help configuration , application	2	171	June 20, 2024
Client AUth with Securing REST API JWT.io	11	6244	July 26, 2019
How does Auth0 provide authorization code flow in a SPA Help	6	4693	May 9, 2020
SPA with Authorization Code Grant Help authorization-flow	6	11907	August 30, 2019
(still issues with) 401/Unauthorized when obtaining token in Authorization Code grant Help login-experience , new-universal-login-experience	3	1444	September 28, 2024

OAuth Authorization URL

Related Topics