Hi,
We have two applications that make up the front end of our product. One is an old ASP.NET Core MVC application and the other is a new React SPA application, users will generally login to the old MCV application first and be redirected to the react application for specific actions (we are trying to move fully to react but its a slow process ).
In auth0 we have a single application setup for this product/application as it was only the MVC application that used auth0 properly, the react application currently has a custom setup for authentication. (Specifically we take the JWT from the MVC application and pass it across to react as a query param when we send users over)
I have been working on some updates to our react app in preparation for moving more of the MVC application over and I wanted to change the custom authentication to use auth0ās react provider. I followed this guide to get it setup and its all working as expected for the most part. The only issue faced is when the user is redirected to the /callback route it fails to redirect as the app tries to make a call to /oauth/token for the token exchange, but this call fails.
I have worked out that the reason for the failed call is that the auth0 application has been set to a āRegular web applicationā rather than a āSPA applicationā. From what I understand a āSPA applicationā will use Authorization Code Flow with PKCE where as a āRegular web applicationā will use just regular Authorization Code Flow. Is there anyway for me to tell the react app to use the PKCE flow whilst still using the single same auth0 application set to a regular web application type?