I am using Auth0 SMS passwordless login. I can log in correctly and I am redirected correctly to my specified callback URL: http://localhost:8000/authenticated?code=AUTHORIZATION_CODE. I have been following this tutorial, but when I get to steps 4 and 5 to exchange the authorization_code for the access_token and id_token, I get this error message back: {"error":"access_denied","error_description":"Unauthorized"}.

This is how I am sending the code to the Auth0 server through a POST:

var code = request.query.code;
var url = `https://${process.env.AUTH0_CLIENT_DOMAIN}/oauth/token?client_id=${process.env.AUTH0_CLIENT_ID}&redirect_uri=http://localhost:8000/authenticated&client_secret=${process.env.AUTH0_CLIENT_SECRET}&code=${code}&grant_type=authorization_code`;

Wreck.post(url, (err, res, payload) => {
  console.log(payload.toString());
});

Is there something that I am missing from my querystring? Or something I need to do before sending this post request?

Ruth

1 Answer

My question was answered in an issue on the auth0 repo: https://github.com/auth0/auth0.js/issues/234

But I have reposted the answer here:

Post the payload instead of sending it as params in the query string:

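var code = request.query.code;
// The token endpoint URL carries no query string; all parameters go in the body.
var url = `https://${process.env.AUTH0_CLIENT_DOMAIN}/oauth/token`;
var body = {
  client_id: process.env.AUTH0_CLIENT_ID,
  redirect_uri: 'http://localhost:8000/authenticated',
  client_secret: process.env.AUTH0_CLIENT_SECRET,
  code: code,
  grant_type: 'authorization_code'
};

Wreck.post(url, { payload: body }, (err, res, payload) => {
  // payload is undefined when the request itself fails, so check err first.
  if (err) {
    console.error(err);
    return;
  }
  console.log(payload.toString());
});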
Ruth
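The body-based exchange from the answer also keeps `client_secret` and the authorization code out of the request URL, which is the part of a request that proxies and servers commonly record in access logs. The following is an added example, not code from the post or from Auth0: the helper names `buildTokenRequest`, `leakedQueryParams` and `parseTokenResponse`, the `SENSITIVE` list and the `tenant.example` domain are assumptions made for illustration.

```javascript
// Added example; helper names and sample values are constructed, not from the post.
const SENSITIVE = ['client_secret', 'code', 'refresh_token', 'access_token', 'id_token'];

// Build the POST /oauth/token request with every parameter in the JSON body.
function buildTokenRequest({ domain, clientId, clientSecret, code, redirectUri }) {
  const fields = { domain, clientId, clientSecret, code, redirectUri };
  for (const [name, value] of Object.entries(fields)) {
    if (typeof value !== 'string' || value === '') throw new Error(`missing ${name}`);
  }
  return {
    url: new URL('/oauth/token', `https://${domain}`).toString(),
    headers: { 'content-type': 'application/json' },
    payload: JSON.stringify({
      grant_type: 'authorization_code',
      client_id: clientId,
      client_secret: clientSecret,
      code,
      redirect_uri: redirectUri
    })
  };
}

// Names of sensitive parameters that a URL exposes in its query string,
// i.e. what an access log line for that request would contain.
function leakedQueryParams(rawUrl) {
  const params = new URL(rawUrl).searchParams;
  return SENSITIVE.filter((name) => params.has(name));
}

// Parse the token endpoint response; surface OAuth errors instead of tokens.
function parseTokenResponse(statusCode, body) {
  const data = JSON.parse(body);
  if (statusCode !== 200 || data.error) {
    throw new Error(`${data.error || 'error'}: ${data.error_description || statusCode}`);
  }
  return { accessToken: data.access_token, idToken: data.id_token };
}

// Constructed sample values (placeholders, not real credentials).
const sampleRequest = buildTokenRequest({
  domain: 'tenant.example',
  clientId: 'CLIENT_ID',
  clientSecret: 'CLIENT_SECRET',
  code: 'AUTHORIZATION_CODE',
  redirectUri: 'http://localhost:8000/authenticated'
});
console.log(sampleRequest.url, leakedQueryParams(sampleRequest.url));
```

The returned `headers` and `payload` can be passed as the options object to `Wreck.post(url, options, callback)`.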