我正在使用Auth0 sms无密码登录,我可以正确登录,并且我被正确地重定向到我指定的回调网址:http://localhost:8000/authenticated?code=AUTHORIZATION_CODE。我一直在关注this教程,但当我到第4步和第5步交换access_token和id_token的authorization_code时,我收到此错误消息:{"error":"access_denied","error_description":"Unauthorized"}。
这就是我通过POST将代码发送到Auth0服务器的方式:
var code = request.query.code;
var url = `https://${process.env.AUTH0_CLIENT_DOMAIN}/oauth/token?client_id=${process.env.AUTH0_CLIENT_ID}&redirect_uri=http://localhost:8000/authenticated&client_secret=${process.env.AUTH0_CLIENT_SECRET}&code=${code}&grant_type=authorization_code`;
Wreck.post(url, (err, res, payload) => {
console.log(payload.toString());
});
我的查询字符串中是否缺少某些内容?或者在发送此帖子请求之前我需要做些什么?
答案 0 :(得分:1)
我的问题已在auth0 repo:https://jdk8.java.net/download.html
的问题中得到解答但我在这里转发了答案:
发布有效负载,而不是在查询字符串中将其作为参数发送:
var code = request.query.code;
var url = `https://${process.env.AUTH0_CLIENT_DOMAIN}/oauth/token`;
var body = {
client_id:process.env.AUTH0_CLIENT_ID,
redirect_uri:'http://localhost:8000/authenticated',
client_secret:process.env.AUTH0_CLIENT_SECRET,
code:code,
grant_type:'authorization_code'
};
Wreck.post(url, {payload:body}, (err, res, payload) => {
console.log(payload.toString());
});