
Send same redirect_uri as /authorize to /token #341

Merged: 2 commits, Jan 28, 2020


@stevehobbsdev stevehobbsdev commented Jan 27, 2020

Description

This PR ensures that the same redirect_uri value is sent to the /token endpoint as was sent to the /authorize endpoint.

In the case of loginWithRedirect, the redirect URI is stored in the transaction store and then used in handleRedirectCallback.

References

Fixes #287

Testing

This has been tested manually in the Vue quickstart that has been modified to accept a different callback URL from the base app URL.

  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not master

@stevehobbsdev stevehobbsdev added review:tiny CH: Fixed PR is fixing a bug labels Jan 27, 2020
@stevehobbsdev stevehobbsdev added this to the vNext milestone Jan 27, 2020
@stevehobbsdev stevehobbsdev requested review from a team and removed request for a team January 27, 2020 10:29
@stevehobbsdev stevehobbsdev requested a review from a team January 27, 2020 10:46

pthieu commented May 4, 2020

Has this been released? I'm following the tutorial here: https://auth0.com/docs/quickstart/spa/react/01-login

Specifically in the https://auth0.com/docs/quickstart/spa/react/01-login#integrate-the-sdk section, I have the following code:

If I use redirect_uri=http://localhost:3000, it works because /authorize and /oauth/token use the same redirect_uri. However, if I change the redirect_uri to something else, it fails.

<Auth0Provider
    domain={process.env.REACT_APP_AUTH0_DOMAIN}
    client_id={process.env.REACT_APP_AUTH0_CLIENT_ID}
    redirect_uri={'http://localhost:9000'}
    onRedirectCallback={onRedirectCallback}
  >

I get a timeout error in the console.

I check the XHR requests in my Network Tab of Chrome DevTools and see that /authorize is using port 9000 but /oauth/token is still using port 3000, which is the same as window.location.origin.

I am on version ^1.8.0
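
The redirect_uri handling discussed in this thread, as an added example that is not part of the PR or the SDK's code: a transaction store keyed by state supplies the redirect_uri for the /token request, and a constructed mock server applies the RFC 6749 section 4.1.3 rule that the value must match the one sent to /authorize. All class and function names are hypothetical.

```javascript
// Hypothetical names throughout; not the SDK's or Auth0's implementation.
class TransactionStore {
  constructor() { this.transactions = new Map(); }
  create(state, data) { this.transactions.set(state, data); }
  // One-shot read: a given state can complete at most one login.
  take(state) {
    const tx = this.transactions.get(state);
    this.transactions.delete(state);
    return tx;
  }
}

// Client, step 1: record the redirect_uri sent to /authorize under its state.
// `state` must come from a CSPRNG; it is a parameter here to keep the run deterministic.
function buildAuthorizeParams(store, state, redirectUri) {
  store.create(state, { redirect_uri: redirectUri });
  return { response_type: 'code', state, redirect_uri: redirectUri };
}

// Client, step 2: build the /token request from the stored transaction,
// not from the page's current origin.
function buildTokenParams(store, callbackQuery) {
  const tx = store.take(callbackQuery.state);
  if (!tx) throw new Error('unknown or already used state');
  return { grant_type: 'authorization_code', code: callbackQuery.code, redirect_uri: tx.redirect_uri };
}

// Constructed stand-in for an authorization server applying the RFC 6749
// section 4.1.3 rule: redirect_uri at /token must equal the one bound to the code.
class MockAuthServer {
  constructor() { this.codes = new Map(); this.issued = 0; }
  authorize(params) {
    const code = `constructed-code-${++this.issued}`;
    this.codes.set(code, params.redirect_uri);
    return { code, state: params.state };
  }
  token(params) {
    const bound = this.codes.get(params.code);
    this.codes.delete(params.code); // authorization codes are single use
    if (bound === undefined || bound !== params.redirect_uri) return { error: 'invalid_grant' };
    return { access_token: 'constructed-token' };
  }
}

// useStored=false reproduces the mismatch reported in this thread (origin sent to /token).
function login(server, store, { state, redirectUri, appOrigin, useStored }) {
  const callback = server.authorize(buildAuthorizeParams(store, state, redirectUri));
  const tokenParams = buildTokenParams(store, callback);
  if (!useStored) tokenParams.redirect_uri = appOrigin;
  return server.token(tokenParams);
}
```
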

Successfully merging this pull request may close these issues.

Authorization code flow sends incorrect redirect_url parameter