When Auth0 uses an OIDC enterprise connection with the back channel config (Auth Code Flow), the request to the IDP’s Token endpoint does not take place in the browser, Auth0 makes that request on the server.
Backend IDP may reject the request if it is not coming from a recognized user agent. We want to know what headers are sent in that request as some IDPs restrict requests by user-agent.
Using requestbin, by modifying an OIDC connection, the headers sent from Auth0 to an IDP during the token exchange are the following:
Host: enecls43dut9u.x.pipedream.net X-Amzn-Trace-Id: Root=1-6307c966-489731701b447d6b5e16eb96 Content-Length: 270 user-agent: Auth0 (auth0.com) accept: application/json accept-encoding: gzip, deflate content-type: application/x-www-form-urlencoded
Therefore, the IDP will need to accept requests with the following user-agent