Closed pingpongdoctor closed 1 year ago
Thanks for reaching out. Our SDK already uses the authorization code flow with pkce, so there is no need for you to manually do this. Even more so, doing this manually will conflict with our SDK.
When I use the loginWithRedirect() function, everything works smoothly after users are authenticated. However, after implementing the Authorization Code Flow with PKCE, which involves generating a link for user authentication and authorization with a code verifier and code challenge, users are redirected repeatedly to the redirect URL
Using loginWithRedirect is the correct way, and it uses authorization code flow with pkce.
I recommend implementating our SDK as per https://auth0.com/docs/quickstart/spa/react, and rely on our SDK to do the authorization code flow with pkce internally for you.
Thanks for your help. I fixed it.
Checklist
Description
I have implemented the Auth0 React SDK along with the Authorization Code Flow with PKCE to obtain an access token in my React Single Page Application (SPA) for making API calls to my protected backend routes.
I chose the Authorization Code Flow with PKCE because SPAs are considered public apps, not confidential ones. Therefore, we cannot obtain an access token using the standard Authorization Code Flow.
When I use the loginWithRedirect() function, everything works smoothly after users are authenticated. However, after implementing the Authorization Code Flow with PKCE, which involves generating a link for user authentication and authorization with a code verifier and code challenge, users are redirected repeatedly to the redirect URL. Furthermore, the redirected links contain different values for the code query parameter each time.
Here is the link of the Authorization Code Flow with PKCE
Below is my code and the screenshot that demonstrates the problem.
Reproduction
When using the Authorization Code Flow with PKCE, I have to log in, and the isAuthenticated and user states retrieved from the useAuth0 hook are displayed in the Chrome browser console every time the home page is reloaded due to the infinite redirecting loop.
I've noticed that all the states are consistently either false or undefined, indicating that users are not being correctly authenticated. Consequently, this leads to the re-generation of the authorization link.
Additional context
Auth0Provider setup
main.tsx
App.tsx
Infinite loop in which users are redirected to this redirect uri with different values of the code query.
When I log isAuthenticated and user states, they are always false and undefined respectively.
I am very grateful for your helps. It has been quite a long time that I have been stuck with this bug. Thanks a lot
auth0-react version
2.2.1
React version
18.2.0
Which browsers have you tested in?
Chrome