Hi, I am trying to use AppAuth in an Expo (RN) app to allow a user to obtain tokens from 3rd-party services. For security, I only want to obtain a responseType: code, which I can then pass to my server (which stores the secret key) to handle retrieving a user’s token. My code is pretty boilerplate and looks as follows:
import * as AppAuth from 'expo-app-auth';
const config = {
  serviceConfiguration: {
    authorizationEndpoint: '[auth provider]/oauth/authorize',
    tokenEndpoint: 'https://[auth provider]/oauth/token',
  },
  issuer: 'none', // parameter required by typescript type
  clientId: '[CLIENT_ID]',
  // clientSecret: '[CLIENT_SECRET]',
  redirectUrl: '[MY_REDIRECT_URL]',
  responseType: 'code',
};
try {
  const tokenResponse = await AppAuth.authAsync(config);
  console.log('RESPONSE: ', tokenResponse);
} catch (err) {
  console.log('ERROR: ', err);
}
This fails with an error saying Error: ERR_APP_AUTH: Non-200 HTTP response (400) making token request to 'https://[auth provider]/oauth/token'.]
Which seems odd because I am requesting only a code, not a token. However, if I uncomment/pass along clientSecret I get a response object that includes a token:
Object {
  "accessToken": "X3A4B2GYLO",
  "accessTokenExpirationDate": "2019-10-04T15:44:57.432Z",
  "additionalParameters": Object {},
  "idToken": null,
  "refreshToken": "ABCZXBLZXHKG4",
  "tokenType": "bearer",
}
How should I structure the request to get back just a code (without including my CLIENT_SECRET)?
Thanks in advance for any help!
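
The split described in the post above (the app obtains only an authorization code, and the server that holds the secret exchanges it for tokens), as an added example that is not part of the original post and is not AppAuth or Expo code. The function names, the `auth.example` endpoint, the `myapp://callback` redirect and all ids and secrets are constructed placeholders; the request parameters are the standard OAuth 2.0 authorization-code ones (RFC 6749).

```javascript
// App side: build the authorization request. No client secret appears here.
// `state` must be an unguessable random value the app generates and remembers.
function buildAuthorizationUrl({ authorizationEndpoint, clientId, redirectUrl, state, scopes = [] }) {
  const url = new URL(authorizationEndpoint);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUrl);
  url.searchParams.set('state', state);
  if (scopes.length > 0) url.searchParams.set('scope', scopes.join(' '));
  return url.toString();
}

// App side: parse the redirect the provider sends back and return only the code.
// The state check rejects redirects that did not originate from this request.
function extractCode(redirectedTo, expectedState) {
  const params = new URL(redirectedTo).searchParams;
  const error = params.get('error');
  if (error) throw new Error(`authorization failed: ${error}`);
  if (!expectedState || params.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }
  const code = params.get('code');
  if (!code) throw new Error('no code in redirect');
  return code;
}

// Server side: form-encoded body for the token endpoint.
// This is the only place clientSecret is used; it never ships in the app.
function buildTokenRequestBody({ code, clientId, clientSecret, redirectUrl }) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: redirectUrl, // must match the value sent in the authorization request
    client_id: clientId,
    client_secret: clientSecret,
  }).toString();
}
```

The app would send the value returned by `extractCode` to its own backend over TLS, and the backend would POST the body from `buildTokenRequestBody` to the provider's token endpoint with `Content-Type: application/x-www-form-urlencoded`.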