Possible to use AppAuth to only return auth code (no token)?

Hi, I am trying to use AppAuth in an Expo (RN) app to allow a user to obtain tokens from 3rd-party services. For security, I only want to obtain a responseType: code, which I can then pass to my server (which stores the secret key) to handle retrieving a user’s token. My code is pretty boilerplate and looks as follows:

const config = {
  serviceConfiguration: {
    authorizationEndpoint: '[auth provider]/oauth/authorize',
    tokenEndpoint: 'https://[auth provider]/oauth/token',
  },
  issuer: 'none', // parameter required by typescript type
  clientId: '[CLIENT_ID]',
  // clientSecret: '[CLIENT_SECRET]',
  redirectUrl: '[MY_REDIRECT_URL]',
  responseType: 'code',
};

try {
  const tokenResponse = await AppAuth.authAsync(config);
  console.log('RESPONSE: ', tokenResponse);
} catch (err) {
  console.log('ERROR: ', err);
}

This fails with an error saying Error: ERR_APP_AUTH: Non-200 HTTP response (400) making token request to 'https://[auth provider]/oauth/token'.]

Which seems odd because I am requesting only a code, not a token. However, if I uncomment/pass along clientSecret I get a response object that includes a token:

Object {
  "accessToken": "X3A4B2GYLO",
  "accessTokenExpirationDate": "2019-10-04T15:44:57.432Z",
  "additionalParameters": Object {},
  "idToken": null,
  "refreshToken": "ABCZXBLZXHKG4",
  "tokenType": "bearer",
}

How should I structure the request to get back just a code (without including my CLIENT_SECRET)?

Thanks in advance for any help!
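The code-only step asked about above, as an added example that is not part of the original post and uses no AppAuth calls: plain JavaScript (Node) that builds an authorization request with `response_type=code`, then validates the redirect and extracts the code for a server to exchange. The endpoint, client id, redirect URL and helper names are constructed placeholders, and it assumes the provider follows the standard OAuth 2.0 authorization code flow.

```javascript
// Added example: not from the original post. Endpoint, client id and redirect
// URL below are constructed placeholders; helper names are hypothetical.
const nodeCrypto = require('crypto');

// Build the front-channel authorization request (RFC 6749 section 4.1.1).
// Only response_type=code is requested; no client secret is involved here.
function buildAuthorizationRequest({ authorizationEndpoint, clientId, redirectUrl, scopes = [] }) {
  const state = nodeCrypto.randomBytes(32).toString('base64url');
  const url = new URL(authorizationEndpoint);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUrl);
  url.searchParams.set('state', state);
  if (scopes.length > 0) url.searchParams.set('scope', scopes.join(' '));
  return { url: url.toString(), state };
}

// Parse the redirect the provider sends back (section 4.1.2) and return the
// code only if the state matches the one generated for this request.
function extractAuthorizationCode(redirectedTo, expectedState) {
  const params = new URL(redirectedTo).searchParams;
  if (params.has('error')) {
    throw new Error(`authorization failed: ${params.get('error')}`);
  }
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch: response does not belong to this request');
  }
  const code = params.get('code');
  if (!code) throw new Error('no authorization code in redirect');
  return code; // hand this to the server, which performs the token exchange
}

// Constructed sample values for a stand-alone run.
const request = buildAuthorizationRequest({
  authorizationEndpoint: 'https://auth.example/oauth/authorize',
  clientId: 'CLIENT_ID_PLACEHOLDER',
  redirectUrl: 'https://app.example/callback',
});
const sampleRedirect =
  `https://app.example/callback?code=SAMPLE_CODE&state=${encodeURIComponent(request.state)}`;
console.log(extractAuthorizationCode(sampleRedirect, request.state));
```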
