Authorization Code Flow steps using okta-auth-js?

wazzag · November 29, 2022, 7:14pm

Hi all,
I’m new to Okta, javascript and OIDC so please excuse the novice question

I’m trying to get a simple Authorization Code Flow working using the okta-auth-js sdk.
I have my application configured in Okta which seems to be working fine, it’s the use of the sdk that’s confusing me. My signInWithCredentials call is returning a status of SUCCESS but when I call authClient.isAuthenticated() i’m seeing a return of false.
All i’m really trying to do at this stage is retrieve the claims, scopes and the access token.
Is there something else I need to do between the two calls?

Thanks,
W

const authClient = new OktaAuth({
issuer: oidcConfig.get(“Issuer”),
clientId: oidcConfig.get(“ClientID”),
redirectUri: redirectURI
});

authClient.signInWithCredentials({username: username, password: password})
.then(tx => {
  console.info("signInWithCredentials called. Status returned: " + tx.status );

  if (tx.status === 'SUCCESS') {
  	console.info('Authorisation successful');
  	console.info("Session token is: " + tx.sessionToken);	

  	authClient.isAuthenticated()
  	.then(value => {
  		if (!value) {
  			console.info('Not authenticated');
  		} else {
  			console.info("Client is authenticated, retrieving access token...");
  			
  			authClient.tokenManager.get('accessToken')
  			.then(value => {
  				console.info("Access token: " + value.accessToken);
  			})
  		}
  	})
  }
  else {
  	console.info("signInWithCredentials not successful. Status is: " + tx.status);
  	throw new Error(`We cannot handle the ${tx.status} status.`)
  }
})
.catch(e => {
console.info("Failed login, signInWithCredentials returned error: " + e);
throw new Error ('Error captured whilst logging in: ’ + e);
})

warren · November 29, 2022, 9:42pm

It looks like you’re getting a sessionToken back from signInWithCredentials but you’re not using it to get tokens so isAuthenticated is returning false.

You probably want to pass the sessionToken in one of these token get methods.

wazzag · November 29, 2022, 10:44pm

Great, thanks Warren, that seems to have got me further. I just need to deploy my app with https as I’m seeing the following response:

Failed login, getWithoutPrompt returned error: AuthSdkError: PKCE requires a modern browser with encryption support running in a secure context.
The current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.

To be honest, i’m finding the Okta documents not the easiest to navigate. For example, where can I find the documentation on the OktaAuth class ?

wazzag · November 29, 2022, 11:10pm

Progress!
No https needed for now. After tweaking my Okta application and setting pkce: false when creating my OktaAuth object, I’m getting a fulfilled response from my getWithoutPrompt call.

Still after documentation on the OktaAuth class, does it exist?

Post		Replies	Views
Using authorization code flow for web client with client secret OAuth/OIDC	3	2962	February 15, 2024
Unable to get Access or Id token using Okta-Auth-JS (singInWithCredentials) OAuth/OIDC	4	1704	June 17, 2024
OIDC PKCE flow for client API auth - best option? OAuth/OIDC	3	857	June 22, 2024
Trying to implement okta-oauth-js examples, no permission to fetch openid-configuration OAuth/OIDC api , oauth , javascript	4	2604	March 4, 2023
Not Able to Authorize user and get the toke OAuth/OIDC	8	1324	January 3, 2024

Authorization Code Flow steps using okta-auth-js?

Related topics