Use authorization code flow by adding client secret

src/AuthTest/AuthTest/Controllers/HomeController.cs

@@ -36,7 +36,7 @@ public IActionResult Mappings()
     public static class RoleMappings
     {
         // Mapping of Auth0 'role' claim : DLCS role
-        public static Dictionary<string, IEnumerable<string>> Map = new()
+        public static readonly Dictionary<string, IEnumerable<string>> Map = new()
         {
             ["Reader"] = new[] { "https://api.dlcs.io/customers/2/roles/clickthrough" },
             ["Staff"] = new[]

src/AuthTest/AuthTest/Startup.cs

@@ -1,13 +1,8 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
 using Auth0.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.HttpOverrides;
-using Microsoft.AspNetCore.HttpsPolicy;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
@@ -35,6 +30,7 @@ public void ConfigureServices(IServiceCollection services)
                 .AddAuth0WebAppAuthentication(options => {
                     options.Domain = Configuration["Auth0:Domain"];
                     options.ClientId = Configuration["Auth0:ClientId"];
+                    options.ClientSecret = Configuration["Auth0:ClientSecret"];
                     options.Scope = "openid profile email weco:patron_role";
                 });
 

src/AuthTest/Readme.md

@@ -24,7 +24,8 @@ The following configuration values will need to be added to run the app:
 ```json
 "Auth0": {
     "Domain": "<my-domain>.eu.auth0.com",
-    "ClientId": "<client-id>"
+    "ClientId": "<client-id>",
+    "ClientSecret": "<client-secret>"
   }
 ```