OAuth Authorization URL

jaumesagues · April 26, 2024, 3:25pm

I have got tokens using Client Credentials with Machine to Machine Application. To get these tokens, I used to send requests (POST) with postman to OAuth Token URL

Now, I would like to get tokens from a Single Page Application and I see that Client Credentials is not available.

First of all I’m trying to get tokens using Implicit grant type, and I think that I must use OAuth Authorization URL (Add Login Using the Implicit Flow with Form Post). However, I get an error message “Not found”. I have checked Implicit Grant Types in advanced settings of my Single Page Application.

Is it correct the OAuth Authorization URL? Which could be the cause of my error?

Thanks

peter.fernandez · April 29, 2024, 1:44pm

@jaumesagues

For a SPA, the recommendation is to use Authorization Code Flow with PKCE. I’d also recommend using one of the Auth0 SDKs as well, and you can find out more about these here.

Hope this helps

jaumesagues · April 29, 2024, 1:52pm

Thanks for your help.

Does it make sense to use Postman to verify the performance of our SPA?

peter.fernandez · April 29, 2024, 2:03pm

I think Postman can be configured to use the Authorization Code grant - see here for additional details. But if you’re using it to get an Access Token, you’re not really testing the performance of the SPA; you’re simply testing the performance of your API…and the performance of Auth0