Oauth without authorize call redirect

admin32 · 2018-10-26 16:55:22 UTC

Normally, Auth0 requires that a user first goes to Auth0 to login via the /authorize endpoint, which then redirects the user to google, etc.

But if you’re doing Oauth from an App Store like Shopify or Wordpress, you don’t have control over that - and Oauth will begin without going through the Auth0 redirect. As a result in the callback, Auth0 will say there’s no session found for the user and it will fail.

Is there any way to make this work?

nicolas_sabena · 2018-11-05 17:13:16 UTC

Hi @admin32. I’m afraid I’m not understanding the question here.
Native apps can (and should) request the device’s native browser to perform an authentication. The methods are slightly different for each platform (you should see this working in our native platforms quickstarts), but the basic process is like this:

Tell the OS the initial URL (which is the /authorize request) and the final URL (the callback URL).
The OS opens a browser popup. User does all the required steps (authentication, MFA, consent). When the flow reaches the callback URL, the OS detects that and sends the response back to the application
The application grabs the result of the authentication.