obtain token failed with error:{ error: 'invalid_grant', error_description: 'Invalid authorization code' }

Here is my code which use Node.js(express):

    passport.authenticate('auth0', {
        clientID: env.AUTH0_CLIENT_ID,
        domain: env.AUTH0_DOMAIN,
        redirectUri: env.AUTH0_CALLBACK_URL,
        audience: 'https://' + env.AUTH0_DOMAIN + '/userinfo',
        responseType: 'code',
        scope: 'openid'
    function(req, res) {

// Perform session logout and redirect to homepage
router.get('/logout', (req, res) => {

// Perform the final stage of authentication and redirect to '/user'
    passport.authenticate('auth0', {
        failureRedirect: '/'
    function(req, res) {
        // res.redirect(req.session.returnTo || '/user');
        let code =req.query.code;
        if (code){
            res.redirect(req.session.returnTo || '/user');
            getToken(code,function (result,err) {
                if (err){


function getToken(code,callback) {
    let options = { method: 'POST',
        url: 'https://liberty-peter.auth0.com/oauth/token',
        headers: { 'content-type': 'application/json' },
                grant_type: 'authorization_code',
                client_id: 'Client_id',
                client_secret: 'Client_secret',
                code: code,
                redirect_uri: 'http://localhost:3000/callback'
        json: true };

    request(options, function (error, response, body) {
        if (error) throw new Error(error);


router.get('/user',function (req, res) {
   res.send("response success");

In the code,I will open the url(http://localhost/login),input my username and password and click the login button,after login success,I will use the code from the params of callback url to call url(https://liberty-peter.auth0.com/oauth/token) to obtain the access_token.
However,it always returns a error response:

{ error: 'invalid_grant',
  error_description: 'Invalid authorization code' }

I’m new to auth0 and fetch this problem for a whole day.I do not know what the problem is.

I would really appreciate it if someone can help me ive been struggling for 1 day now.

Thanks alot for taking your time and reading my post!

I could not reproduce the issue in an application that also performs the authorization code exchange so this is either application specific or tenant/domain specific due to something on your account.

I noticed that you already added a console.log to output the code that is about to be used in the exchange so as an additional check, if you haven’t done so already, would be to using the browser network tools inspect the HTTP responses to verify that the code the application is about to try to exchange is exactly the one issued in the authentication response. The last request to [your_domain].auth0.com should result in an HTTP redirect response to your application callback URL so in the location HTTP header you should see the exact code being issued and the one you would need to compare against the logged by the console.log statement.