Authorization Code Flow steps using okta-auth-js?

Hi all,
I’m new to Okta, javascript and OIDC so please excuse the novice question :slight_smile:

I’m trying to get a simple Authorization Code Flow working using the okta-auth-js sdk.
I have my application configured in Okta which seems to be working fine, it’s the use of the sdk that’s confusing me. My signInWithCredentials call is returning a status of SUCCESS but when I call authClient.isAuthenticated() i’m seeing a return of false.
All i’m really trying to do at this stage is retrieve the claims, scopes and the access token.
Is there something else I need to do between the two calls?


const authClient = new OktaAuth({
issuer: oidcConfig.get(“Issuer”),
clientId: oidcConfig.get(“ClientID”),
redirectUri: redirectURI

authClient.signInWithCredentials({username: username, password: password})
.then(tx => {"signInWithCredentials called. Status returned: " + tx.status );

  if (tx.status === 'SUCCESS') {'Authorisation successful');"Session token is: " + tx.sessionToken);	

  	.then(value => {
  		if (!value) {'Not authenticated');
  		} else {"Client is authenticated, retrieving access token...");
  			.then(value => {"Access token: " + value.accessToken);
  else {"signInWithCredentials not successful. Status is: " + tx.status);
  	throw new Error(`We cannot handle the ${tx.status} status.`)

.catch(e => {"Failed login, signInWithCredentials returned error: " + e);
throw new Error ('Error captured whilst logging in: ’ + e);

It looks like you’re getting a sessionToken back from signInWithCredentials but you’re not using it to get tokens so isAuthenticated is returning false.

You probably want to pass the sessionToken in one of these token get methods.

1 Like

Great, thanks Warren, that seems to have got me further. I just need to deploy my app with https as I’m seeing the following response:

Failed login, getWithoutPrompt returned error: AuthSdkError: PKCE requires a modern browser with encryption support running in a secure context.
The current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.

To be honest, i’m finding the Okta documents not the easiest to navigate. For example, where can I find the documentation on the OktaAuth class ?

No https needed for now. After tweaking my Okta application and setting pkce: false when creating my OktaAuth object, I’m getting a fulfilled response from my getWithoutPrompt call.

Still after documentation on the OktaAuth class, does it exist?