Auth0 implementation - Getting Access Token

Question

Update: Here is the code I am using to make the request to Auth0 to get the authorization token, always resulting in a 403 Forbidden error. How can I correct the request to properly return an access token?

URL url = new URL("https://appted.auth0.com/oauth/token"); 
HttpURLConnection connection = (HttpURLConnection) url.openConnection(); 
connection.setDoOutput(true); 
connection.setRequestMethod("POST");
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); 

OutputStreamWriter writer = new OutputStreamWriter (connection.getOutputStream()); 
writer.write("client_id=" + my_client_Id + "&redirect_uri=http://MY_APP/servletname&client_secret=" + my_client_secret + "&code=" + responseCode + "&grant_type=authorization_code"); 
writer.close();

Answer 1

You used the seed project for a single-page application, which has no choice but to send back the access token. If you'd like to instead receive a code that can be sent to a server to be exchanged for an access token, I'd suggest using one of the webapp seed projects in conjunction with your server technology.

If you intend to continue using a single-page application, you will have to keep the token in the browser where the user or other could potentially find it. One way to mitigate this risk is to set the expiry time really low on your user dashboard for Auth0 and refresh your tokens often (more about refresh tokens can be found on our blog.

Hope this helps!

--Kassandra Perch, Developer Evangelist, Auth0