Auth Code + PKCE flow supported by Okta mobile SDKs?

We’re looking to implement a native mobile application, integrated with Okta login, using a custom embedded login form not re-redirecting to the Okta Hosted Widget.

This guidance outlines that Auth Code + PKCE flow is supported however the methods described here suggests its using a re-direct method to the Okta Hosted Widget: Implement authorization by grant type | Okta Developer Is the Auth code + PKCE method supported where an embedded login process is required?

My understanding is that the Okta Swift SDK, for example, outlines this method to authenticate the user: GitHub - okta/okta-auth-swift: okta-auth-swift, but I cannot find documentation on whether the OIDC /Authorize endpoint is called and that a PKCE code is supplied as well to get an Authorization code? (it’s not evident in the code snippets)

If it is not a Auth Code + PKCE flow, then what type of OIDC flow is used in the Okta Swift SDK? Resource Owner Password Grant? (which does not support PKCE)?

I’m also keen to know this (unsurprisingly @michaelixp)

From what I understand and see in the codebase, the okta/okta-auth/swift is simply a wrapper over primary authentication (AuthN), but does not implement the authorization flow.

What you’ll need to do is create your embedded login with the okta-auth/swift SDK. When users successfully authentication, you’ll receive a sessionToken, which you can provide to manually implement the authorization code flow w/ PKCE or use the okta/okta-oidc-ios with the “.authenticate(withSessionToken)” method to
GitHub - okta/okta-oidc-ios: Okta with AppAuth retrieve a ID/AT/RT.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.