Skip to main content


A model that initialized a PKCE Authentication Flow.


response_typestrIndicates to Auth0 which OAuth 2.0 Flow you want to perform. Use code for Authorization Code Grant (PKCE) Flow.
statestrAn opaque value the clients adds to the initial request that Auth0 includes when redirecting the back to the client. This value must be used by the client to prevent CSRF attacks.
noncestrA local key that is held as the comparator to state, thus they should be the same.
code_challengestrGenerated challenge from the code_verifier.
code_challenge_methodstrMethod used to generate the challenge. The PKCE spec defines two methods, S256 and plain, however, Auth0 supports only S256 since the latter is discouraged.
audiencestrThe unique identifier of the target API you want to access. i.e.[optional]
screen_hintstrProvides a hint to Auth0 as to what flow should be displayed. The default behavior is to show a login page but you can override this by passing 'signup' to show the signup page instead.[optional]
promptstrTo initiate a silent authentication request, use prompt=none (see Remarks for more info).[optional]
scopeList[str]The scopes which you want to request authorization for. These must be separated by a space. You can request any of the standard OpenID Connect (OIDC) scopes about users, such as profile and email, custom claims that must conform to a namespaced format, or any scopes supported by the target API (for example, read:contacts). Include offline_access to get a Refresh Token.
client_idstrYour application's Client ID.