I configured an API and application.
I have an Angular app. I can log in with my user.
I see that in the logs (success login).
But then I have a Failed Exchange.
In the Chrome dev tools, I see the following:
You mentioned having an Angular application; is it modeled in Auth0 as a SPA or Regular Web Application (RWA)? For front end applications like that we recommend it being a SPA, in which case the Auth Code Flow is not recommended and you should use the Implicit Flow; more on that here:
I found the same issue with my react app today.
You can try this.
First, I created a new app setting.
Then I exported my settings and compared them.
I found differences between the old app and the new app.
The differences are grant_types and token_endpoint_auth_method.
Would you all mind sending me your tenant name in a DM as well as a .har file for me to look into this further? More details on that here:
Just so I have some clarity on this, are you seeing these errors on all logins or are they specific only to Social Logins (Facebook/Google etc.)? Also is this issue only when you deploy your app or is it reproducible locally as well?
@masaki what were the differences that you noticed? The token_endpoint_auth_method should be set to none for a SPA, this would be worth confirming as that could cause an Unauthorized error.
I have shared the details in an email (DM) with you @colin.coutts. I am still not sure what’s not working in spite of a well laid out tutorial. @masaki did you have any luck resolving this bug? (Please can you share some links if you have managed to resolve this.)
Wanted to bubble this up in case this happens to others in the future. I noticed that with the new ‘Credentials’ tab in Application Settings (shown below) in some cases there can be two places to change the token auth method: this tab and the application settings tab, below application type.
If these get out of sync, and they both aren’t set to ‘None’, this can cause problems with the code exchange similar to the problem above (this picture shows what the settings tab should look like, but for some tenants there will still be a dropdown for token auth method. The selection in the credentials tab will override whatever is set here).
For reference, I discovered this using the auth0-spa-js library with standard JavaScript in a Blazor Application.
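The export-and-compare check described in this thread, written out as an added example (not code from any poster or from Auth0). It diffs two exported application settings objects and flags a SPA whose token_endpoint_auth_method is not none. The two sample exports are constructed, and the `app_type` field and the flat JSON shape of the export are assumptions.

```python
import json

# Fields compared; token_endpoint_auth_method and grant_types are the two
# the thread names, app_type is an assumed field marking the client as a SPA.
FIELDS = ("app_type", "token_endpoint_auth_method", "grant_types")

# Constructed sample exports (not taken from any real tenant).
OLD_APP = json.loads("""{
  "name": "old-spa", "app_type": "spa",
  "token_endpoint_auth_method": "client_secret_post",
  "grant_types": ["implicit", "refresh_token"]
}""")
NEW_APP = json.loads("""{
  "name": "new-spa", "app_type": "spa",
  "token_endpoint_auth_method": "none",
  "grant_types": ["authorization_code", "implicit", "refresh_token"]
}""")


def diff_clients(old, new, fields=FIELDS):
    """Return {field: (old_value, new_value)} for the fields that differ."""
    changed = {}
    for field in fields:
        a, b = old.get(field), new.get(field)
        # grant_types is an unordered list, so compare it ignoring order.
        if isinstance(a, list) and isinstance(b, list):
            same = sorted(a) == sorted(b)
        else:
            same = a == b
        if not same:
            changed[field] = (a, b)
    return changed


def audit_spa(client):
    """Return findings for a client modeled as a SPA; empty list means OK."""
    if client.get("app_type") != "spa":
        return []  # only public browser clients are checked here
    findings = []
    method = client.get("token_endpoint_auth_method")
    if method != "none":
        findings.append(f"token_endpoint_auth_method is {method!r}, expected 'none'")
    # The code exchange needs the authorization_code grant enabled.
    if "authorization_code" not in (client.get("grant_types") or []):
        findings.append("grant_types lacks 'authorization_code'")
    return findings


if __name__ == "__main__":
    print(diff_clients(OLD_APP, NEW_APP))
    for app in (OLD_APP, NEW_APP):
        print(app["name"], audit_spa(app) or "ok")
```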