Angular Quick Start Guide

Hi,

I recently signed up for an Okta Developer account and I wanted to provide you with some feedback.

My technology stack:

  • Angular + Angular Material PWA/SPA
  • RESTful API built using TypeScript, Node.js, Express and TypeORM

I followed the Okta Angular Quick Start Guide and, in the Okta Node.js/Express.js Quickstart section, I noticed that the call to oktaJwtVerifier.verifyAccessToken() doesn’t include the expected audience:

  ...

  const accessToken = match[1];

  return oktaJwtVerifier.verifyAccessToken(accessToken)
    .then((jwt) => {
      req.jwt = jwt;
      next();
    })
    .catch((err) => {
      res.status(401).send(err.message);
    });

For example:

  ...

  const accessToken = match[1];
  const expectedAudience = 'api://default';

  return oktaJwtVerifier.verifyAccessToken(accessToken, expectedAudience)
    .then((jwt) => {
      req.jwt = jwt;
      next();
    })
    .catch((err) => {
      res.status(401).send(err.message);
    });

I understand it’s a Quick Start Guide but I found the guide confusing as I was expecting to see some mention of (or reference to):

  • an Okta Login (OIDC Implicit Flow) component
  • an Okta Login (OIDC Authorization Code Flow with PKCE) component
  • an Auth service
  • an Auth guard (with some discussion of routes and the need to use runGuardsAndResolvers: 'always')
  • an OKTA_CONFIG provider
  • an Auth interceptor

I did find what I was looking for :) but only after a lot of searching (and a bit of trial and error).

Cheers
Rob
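
To illustrate why the expected audience matters, here is an added example (not part of the original post, and not Okta's library code): a stand-in RS256 verifier built on Node's crypto module, in which a token validly signed by the same issuer for a different API passes when no audience is supplied and is rejected when 'api://default' is required. The key pair, the issuer URL, the 'api://other' audience, and the function names mintToken, verifyToken and rejection are assumptions made for the demonstration.

```javascript
const crypto = require('crypto');

// Constructed key pair and issuer standing in for the authorization server.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'https://issuer.example/oauth2/default';
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Fixture: mint an RS256 token as the authorization server would.
function mintToken(aud, lifetimeSec = 300) {
  const exp = Math.floor(Date.now() / 1000) + lifetimeSec;
  const signingInput = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc({ iss: ISSUER, aud, exp })}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Stand-in verifier (hypothetical, not @okta/jwt-verifier): returns the claims or throws.
// If expectedAudience is omitted, the aud claim is never looked at.
function verifyToken(token, expectedAudience) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  if (dec(h).alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const sigOk = crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  const claims = dec(p);
  if (claims.iss !== ISSUER) throw new Error('unexpected issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) throw new Error('token expired');
  if (expectedAudience !== undefined) {
    // RFC 7519: aud is either a single string or an array of strings.
    const auds = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
    if (!auds.includes(expectedAudience)) throw new Error('audience mismatch');
  }
  return claims;
}

// Returns null when the token is accepted, otherwise the rejection reason.
function rejection(token, expectedAudience) {
  try { verifyToken(token, expectedAudience); return null; } catch (e) { return e.message; }
}

// Constructed token: same issuer and signing key, but minted for another API.
const foreign = mintToken('api://other');
console.log('no audience check :', rejection(foreign));
console.log('audience required :', rejection(foreign, 'api://default'));
console.log('matching audience :', rejection(mintToken('api://default'), 'api://default'));
```

Signature, issuer and expiry all pass for the foreign token, so the audience comparison is the only check that tells this API the token was issued for a different resource server.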

Hi @Robinyo

Thank you for the feedback. I have created a small PR to update the documentation and mention the audience on verifyAccessToken, which you can find here.

Regarding the references, I have moved this topic to the Feature Requests section in order for the engineering team to review it and create an improved guide in the future.