Authorization flow between front end and backend

Questions OAuth/OIDC
1

a question is it possible to use okta widget to grap the authorization code only and then send it from front end to back end for token exchange?
and if so do the admin need to change any thing??
is this code correct?

let signIn = new OktaSignIn({
baseUrl: ‘https://{{company}}.okta.com/’,
clientId: ‘id’,
redirectUri: ‘http://localhost:8080/authorization-code/callback’,
authParams: {
responseType: [‘code’]
},
});

i got the following error

2
2740×109 8.89 KB

the baseUri i try with also the openid: /oauth2/v1/authorize
i get the following error:
1

i start to think that this kind of flow does not work. i have to fully do it either in front end or back end or am i wrong?

2

owh seems i need showSignInAndRedirect. i will check this and see

3

seems yes i should used showSignInAndRedirect. but now i get the following error:
what kind of option need to be enabled on the app side?

Screenshot from 2024-02-06 01-17-49
Screenshot from 2024-02-06 01-17-49938×499 27.6 KB

4

Hi, The Authorization code can be implemented with both the Front Channel and Back Channel. You can have the /authorize call in the front channel wherein the user enter his credentials, completes any MFA and gets back the authorization code

This code can be sent to the backend from where it can be exchanged for a token by the /token endpoint.

If you are trying to use Okta Sign in widget, refer to this doc Embedded Okta Sign-In Widget fundamentals | Okta Developer for a better understanding

5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.