Hi i m trying to build a communication with my custom api through PKCE method i implemented the verifier → code challenge but when i’m trying to get the authorization code it seems that i need to relog it opens my login interface however i’m already log. is it necessary to pass through the login webpage a second time (after i log through the first logging page) Thanks and sorry about my english
Hi @tarek.elghoul . In the PKCE flow, once you authenticate in the login screen the first time, you should receive the authorization code which is then used (along with the verifier) in the endpoint /oauth/token, to exchange it for valid tokens. There shouldn’t be any need to reauthenticate a second time. You can read more about this flow here: Authorization Code Flow with Proof Key for Code Exchange (PKCE)
You also mention Swift, so I would recommend that you use the Auth0.swift library, which already handles all these exchanges for you: Auth0.swift
Hi @ricardo.batistan thanks for your respond the issue is that im using two different audiences one for the app and the other one for the api (the one i will use for PKCE) and i think auth0 can’t handle login with multiple audiences. i thought of login the user after that authorize him for the api can silent authorization work is this case ? thanks again for your help