We’re looking to implement a native mobile application, integrated with Okta login, using a custom embedded login form not re-redirecting to the Okta Hosted Widget.
This guidance outlines that Auth Code + PKCE flow is supported however the methods described here suggests its using a re-direct method to the Okta Hosted Widget: Implement authorization by grant type | Okta Developer Is the Auth code + PKCE method supported where an embedded login process is required?
My understanding is that the Okta Swift SDK, for example, outlines this method to authenticate the user: GitHub - okta/okta-auth-swift: okta-auth-swift, but I cannot find documentation on whether the OIDC /Authorize endpoint is called and that a PKCE code is supplied as well to get an Authorization code? (it’s not evident in the code snippets)
If it is not a Auth Code + PKCE flow, then what type of OIDC flow is used in the Okta Swift SDK? Resource Owner Password Grant? (which does not support PKCE)?