SPA for a third party client and domain connection

We’re evaluating Auth0 for a project that involves an identity provider on our part, and we’re trying to make this work for any number of third party clients.

In our tests, we create an SPA that mimics what one of our clients would implement to have our login working in their apps, and we try to provide a domain level connection and a third party application to them.

We’ve started from the JavaScript quickstart example from the dashboard, and with a first party application everything works fine. But it’s not the case with third party applications, neither creating one from scratch (via the Management API) nor modifying a first party application created from the dashboard via a PUT request.

We have a third party application and a domain level connection, and when we redirect to the /authorize? page we get an error: “You should not be hitting this endpoint. Make sure to use the code snippets shown in the tutorial or contact support@auth0.com for help”

What is it we need to do to make this kind of setup work?

Thanks in advance


Can you provide code samples of your code where you’ve implemented the auth?

It’s a very simple implementation. Relevant code:

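// generateNonce and urlEncodeParams are helpers not shown in this post.
loginBtn.addEventListener("click", function(e) {
  e.preventDefault();

  // Fresh nonce per login attempt; it is sent in the request and kept locally.
  var nonce = generateNonce(16);
  var params = {
    client_id: AUTH0_CLIENT_ID,
    nonce: nonce,
    redirect_uri: AUTH0_CALLBACK_URL,
    response_type: "token id_token", // implicit flow: tokens return in the URL fragment
    scope: "openid profile email",
    audience: AUDIENCE
  };

  let queryString = urlEncodeParams(params);

  // Persist the nonce so the callback page can compare it with the id_token.
  window.localStorage.setItem("nonce", nonce);
  var auth0url = `https://${AUTH0_DOMAIN}/authorize?${queryString}`;
  window.location.replace(auth0url);
});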
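The post above stores a nonce before redirecting; the matching callback-side check is shown here as an added example that is not the poster's code or Auth0's. `generateNonce` and `urlEncodeParams` are assumed implementations of the helpers the post calls, `buildAuthorizeRequest`, `decodeJwtPayload`, `checkCallback` and `sampleToken` are hypothetical names, and the `state` parameter is an addition that the posted request does not send.

```javascript
// Added example; checkCallback and sampleToken are hypothetical names.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Hex string from the CSPRNG: byteLength random bytes -> 2*byteLength chars.
function generateNonce(byteLength) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(byteLength));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// URLSearchParams percent-encodes every key and value.
const urlEncodeParams = (params) => new URLSearchParams(params).toString();

// Build the /authorize URL; caller persists nonce and state until the callback.
function buildAuthorizeRequest(domain, clientId, redirectUri, audience) {
  const nonce = generateNonce(16), state = generateNonce(16);
  const query = urlEncodeParams({
    client_id: clientId, nonce, state, redirect_uri: redirectUri,
    response_type: "token id_token", scope: "openid profile email", audience,
  });
  return { url: `https://${domain}/authorize?${query}`, nonce, state };
}

// Decode (NOT verify) the JWT payload; signature checks against the tenant's
// keys are still required before trusting any claim.
function decodeJwtPayload(jwt) {
  const seg = (jwt.split(".")[1] || "").replace(/-/g, "+").replace(/_/g, "/");
  if (!seg) throw new Error("malformed id_token");
  const bin = atob(seg.padEnd(seg.length + ((4 - (seg.length % 4)) % 4), "="));
  return JSON.parse(new TextDecoder().decode(Uint8Array.from(bin, (c) => c.charCodeAt(0))));
}

// Compare the callback fragment with the values stored before the redirect.
function checkCallback(fragment, expected) {
  const p = new URLSearchParams(fragment.replace(/^#/, ""));
  if (p.has("error")) return { ok: false, reason: p.get("error") };
  if (!expected.state || p.get("state") !== expected.state)
    return { ok: false, reason: "state mismatch" };
  let claims;
  try { claims = decodeJwtPayload(p.get("id_token") || ""); }
  catch { return { ok: false, reason: "malformed id_token" }; }
  if (!expected.nonce || claims?.nonce !== expected.nonce)
    return { ok: false, reason: "nonce mismatch" };
  return { ok: true, claims };
}

// Constructed sample token (unsigned), used only to exercise checkCallback.
const sampleToken = (claims) => "e30." + btoa(JSON.stringify(claims))
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "") + ".sig";
```

On the callback page, pass `window.location.hash` and the stored values to `checkCallback`, and remove the stored nonce and state afterwards so they cannot be reused.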

Did you by chance create the third party app from the dashboard and then PATCH it using the API? Or did you create the third-party app through the Management API (setting is_first_party: false)?
