A login action, saves a session state token, redirects to OAuth sign-on.

const redis = require('nim').redis()

function login(auth0, args) {
    const state = generateSessionToken()
    const {code_verifier, code_challenge} = verifierAndChallenge()

    return redis
        .setAsync(state, code_verifier)
        .then(_ => {
            let url = getAuthorizationCode({
                ...auth0.config,
                state,
                code_challenge
            })

An authorization action as the OAuth call back, retrieves stored session state and confirms the callback is valid.

const redis = require('nim').redis()

function authorize(auth0, decode, args) {
    const state = args.state
    const authorization_code = args.code

    if (state) {
        return redis
            .getAsync(state)
            .then(code_verifier => {
                if (code_verifier && args.error !== 'unauthorized') {
                    return getToken({
                        ...auth0.config,
                        authorization_code,
                        code_verifier
                    }).then(...)