I have been trying to set up PKCE authorization with an Expo React Native application. This went well, up until I tried to fetch the access token from the /oauth/token endpoint.
The relevant code:
import * as AuthSession from 'expo-auth-session';
import { pkceChallenge } from 'react-native-pkce-challenge';

const authorizationEndpoint = "https://{myurl}/authorize";
const accessTokenUrl = "https://{myurl}/oauth/token";

const {codeChallenge, codeVerifier} = pkceChallenge();
const redirectUri = AuthSession.makeRedirectUri();

const [request, result, promptAsync] = AuthSession.useAuthRequest(
  {
    redirectUri,
    clientId: auth0ClientId,
    codeChallenge: encodeURIComponent(codeChallenge),
    codeChallengeMethod: AuthSession.CodeChallengeMethod.S256,
    responseType: 'code',
    scopes: ['openid'],
    extraParams: {
      audience: "{myaudience}"
    }
  },
  { authorizationEndpoint }
);
Here I got the response:
{
  "authentication": null,
  "error": null,
  "errorCode": null,
  "params": Object {
    "code": "f7SPGa4iMvQUBnBI",
    "state": "lCVrP2kake",
  },
  "type": "success",
  "url": "{redirectURI}?code=f7SPGa4iMvQUCnAI&state=lCVrP2kaka",
}
fetch(accessTokenUrl, {
  method: "POST",
  headers: { "content-type": 'application/x-www-form-urlencoded' },
  body: JSON.stringify({
    code: encodeURIComponent(result.params.code),
    redirect_uri: encodeURIComponent(redirectUri),
    client_id: encodeURIComponent(auth0ClientId),
    grant_type: encodeURIComponent('authorization_code'),
    code_verifier: encodeURIComponent(codeVerifier)
  })
});
To this I got a 401 response:
"error": "access_denied",
"error_description": "Unauthorized",