Why we need to select “Authorization Code” and “Implicit” grant type for a Web App authentication which should not require “Implicit” grant type as it is less secure ? Implicit should only be required for SPA’s where back channel communication is not possible?
Thanks,
Vikas
You can uncheck those boxes if you are up to authz_code flow or PKCE
Un-checking boxes do not work.Please refer to following post:
Thanks,
Vikas
As you can see from the explanation, it’s just an issue/limitation of MS OWIN model (https://github.com/oktadeveloper/okta-aspnet-mvc-example/issues/18#issuecomment-374825066) If you’ve decided to go with Java stack for example, it wouldn’t have been an issue.
Ahh! Got it. Are you aware of any other option for ASP.NET app that does not has this limitation?
Appreciate the insights.
Thanks,
Vikas
No insights here 
I think I used .net core with authz_code and it worked fine, but it was a while ago
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.