We have implemented implicit flow in our Angular app using the 'angular2-oauth-oidc' npm package. We want to change the existing implicit flow to code flow to make our app more secure. I have gone through a few posts where guidelines are given for creating a new app with code flow, but I cannot find a clear guideline for changing the existing implicit flow design in an Angular app to the new code flow.
Could you please help us with how to achieve this?
@Aswathy.M According to their docs, you just need to change the responseType. https://github.com/manfredsteyer/angular-oauth2-oidc#logging-in
To configure your solution for code flow + PKCE you have to set the
Thanks. I have upgraded the angular-oauth2-oidc package to version 8 and performed the following steps.
- Added responseType='code' in the auth config.
- Called the initCodeFlow method instead of initImplicitFlow.
I believe one more change would be setting the grant type to Authorization Code instead of Implicit in the App settings in the OKTA Portal.
Are the above changes sufficient? Do I need to integrate an authorization server? If so, please help me with how to do it.
That sounds right. You should be able to just enable the Authorization Code grant type in your Okta app settings.
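To see what the switch discussed in this thread changes on the wire, here is an added example (not code from the thread or from angular-oauth2-oidc) of the code flow + PKCE requests per RFC 7636, together with the check the authorization server performs at the token endpoint. The function names, the endpoint URL and the client values are constructed placeholders.

```typescript
import { createHash, randomBytes } from "node:crypto";

// RFC 7636 uses base64url without "=" padding.
const toB64Url = (b64: string): string =>
  b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// code_verifier: 32 random bytes -> 43 URL-safe characters, kept by the client only.
function newVerifier(): string {
  return toB64Url(randomBytes(32).toString("base64"));
}

// code_challenge = BASE64URL(SHA-256(code_verifier)), i.e. the "S256" method.
function s256Challenge(verifier: string): string {
  return toB64Url(createHash("sha256").update(verifier, "ascii").digest("base64"));
}

// Front channel: response_type=code, so no token is ever returned in the redirect URL.
function authorizeUrl(endpoint: string, clientId: string, redirectUri: string,
                      state: string, verifier: string): string {
  const q = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: "openid profile",
    state,
    code_challenge: s256Challenge(verifier),
    code_challenge_method: "S256",
  });
  return `${endpoint}?${q.toString()}`;
}

// Back channel: the code is redeemed together with the original verifier.
function tokenRequestBody(clientId: string, redirectUri: string,
                          code: string, verifier: string): string {
  return new URLSearchParams({
    grant_type: "authorization_code",
    client_id: clientId,
    redirect_uri: redirectUri,
    code,
    code_verifier: verifier,
  }).toString();
}

// Authorization-server side: an intercepted code is useless without the matching verifier.
function verifierMatches(storedChallenge: string, verifier: string): boolean {
  return s256Challenge(verifier) === storedChallenge;
}

// Constructed sample values; "example.invalid" is a placeholder, not a real issuer.
console.log(authorizeUrl("https://example.invalid/authorize", "sample-client-id",
  "http://localhost:4200/callback", "sample-state", newVerifier()));
```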