Problems with Auth0 Authorization Code using School-service OpenID authentication


To begin with I´d like to give a glimpse on the project for explaining what I am trying to achieve. and say I´am completely new to Auth0, and its services. Please be patient…

As the title describes, I am trying to create a React web application where teachers can login to get a view of where the students are supposed to sit in the classroom. For the login the user will login using OpeneD Connect provider “Feide” which is the Norwegian systems for teachers and students login-services.

I am a student and are trying to get experience aside from school to get the grasp of things before I go out looking for a job.

So the problem here is this, my boss and I can’t resolve our access to the api systems that “Feide” uses, we are trying to get the info about the name of the school the teachers belongs to, and the students classes and such.

We have implemented the Auth0 with an application to be used on the website. We have also created an OpenID Connect provider for our “Feide” service. Everything works in some ways.

Problem 1. To access "Feide"´s api, we need to authenticate ourself with an access token. This is where both me and my boss loose our heads. From following the network from console, we can see this progress:

Step 1, .

The link provided down under shows that the Auth0 login screen is sending the scopes and everything we need.
address URL:

Step 2. (new users can only use 3 img´s, sorry about that…)
Request URL:

Missing cookie

As you can see from the link above, when clicking on the button, it is directing us to the new /oauth/authorization page from the OIDC provider and it does include the right scopes and whatnot.

We click on the “Feide” login button and is directed to the screen where we can choose how we are going to log in to this provider, we ar for this using my personal guest-user. but in the future, a teacher would pick the school they belong to from a dropdown and login with their credentials.

On this page you can also see from this picture:

There Is a discovery sent to the provider.

Step 3. When I get to the page where I log in with my user profile, this is the information that shows up in my console network tab:

Step4: When I click login, there is a whole bunch happening:
You can see that the redirect_uri from “Feide” is respected as we get directed to this, with a response_code:

Down below you can see that after we have hit the dev20…/callback%code=…xyz, we are then redirected back to localhost:3000 WITH another code? this code is ≠ (!=) the code from the dev.20…/callback/code=xyzz… so these doesn’t match. which is weird?

Problem 2: Lets say we got our code from “feide” in a callback in the URL. how do we save this, and use this to send a get/(post?) request back to that “feide” “” + our code?.

the feide DOCS says we need to exchange this code for an access token using Basic Authentication, saying something like: “Bearer {basic auth}” in the get request.

Im really sorry if this question is messed up, would wish this headache on any new people trying this out. But I’ve looked all over the place with no answers to come. So please help me understand, this might be a realy dumb question, but this is new for me…

i have followed the Auth0 DOCS to the point I’ve lost my brain somewhere along the way.

Looking forward to get replies.