Third Party Applications

loramatt · June 22, 2018, 2:27pm

Hello, i’m trying to emulate te flows i’ll need to create with Auth0, but i’m unable to test a third party application as i get keep getting the error "You should not be hitting this endpoint. Make sure to use the code snippets shown in the tutorial or contact support@auth0.com for help”. I’m using the code provided in the getting started section for React SPA and Native iOS Swift and i get the same error in both. The React SPA demo app is reachable here:
http://unox-thirdpartyapp.s3-website.eu-central-1.amazonaws.com/. The same code works if i don’t set the app as a third party (see here http://unox-firstpartyapp.s3-website.eu-central-1.amazonaws.com).

How is the third party app flow supposed to work? Where can i read about it?

I’ve created the third party app from the dashboard and then edited it by using the PATCH api.

Many thanks

Carlos_Mostek · June 26, 2018, 8:50pm

It looks like there are some issues with your login page that you have configured in the “hosted pages” section of your manage dashboard.

First, you should be using the authParams instead of hard-coding the values for client ID and domain. Also, you are using a deprecated version of Auth0 lock. You should be using version 11.

I would recommend switching back to the built in page for now and then seeing if that works for you. If it does, then I would recommend starting over with building your login page out and base it off of the version that is set by default.

loramatt · June 28, 2018, 9:54am

Thank you for you response Carlos. I’m using the default hosted login page (non customized) which seems to have a deprecated lock version. If i switch on the “Customize login page” toggle and leave the code as is, i get the 11 lock. With the 11 lock i can login from the first party app without issues, but i get “Something went wrong. Please contact technical support.” using the third party app. I didn’t touch anything in the hosted page code, am i missing something? Thanks

Carlos_Mostek · June 28, 2018, 3:22pm

The problem with your third-party app is that you need to do two things.

You must customize your login page and pass __useTenantInfo: true to lock (base option). This page is for dynamic clients, but this section applies to all third party clients: https://auth0.com/docs/api-auth/dynamic-client-registration#update-the-login-page
You need to use the management API to “promote” the connections that you want available to your third party apps as domain level connections. This page is for dynamic clients, but this section applies to all third party clients: Dynamic Application Registration