Authorization flow between front end and backend

nalherbawi · February 5, 2024, 10:24pm

a question is it possible to use okta widget to grap the authorization code only and then send it from front end to back end for token exchange?
and if so do the admin need to change any thing??
is this code correct?

let signIn = new OktaSignIn({
baseUrl: ‘https://{{company}}.okta.com/’,
clientId: ‘id’,
redirectUri: ‘http://localhost:8080/authorization-code/callback’,
authParams: {
responseType: [‘code’]
},
});

i got the following error

the baseUri i try with also the openid: /oauth2/v1/authorize
i get the following error:

i start to think that this kind of flow does not work. i have to fully do it either in front end or back end or am i wrong?

nalherbawi · February 5, 2024, 10:40pm

owh seems i need showSignInAndRedirect. i will check this and see

nalherbawi · February 5, 2024, 11:18pm

seems yes i should used showSignInAndRedirect. but now i get the following error:
what kind of option need to be enabled on the app side?

vk-giri · February 8, 2024, 8:09pm

Hi, The Authorization code can be implemented with both the Front Channel and Back Channel. You can have the /authorize call in the front channel wherein the user enter his credentials, completes any MFA and gets back the authorization code

This code can be sent to the backend from where it can be exchanged for a token by the /token endpoint.

If you are trying to use Okta Sign in widget, refer to this doc Embedded Okta Sign-In Widget fundamentals | Okta Developer for a better understanding

system · March 9, 2024, 8:10pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.