Hi Team
We have implemented implicit flow in our Angular App using the ‘angular2-oauth-oidc’ npm package. We want to change the existing implicit flow to code flow to make our app more secure. I have gone through a few posts where guidelines are given to create a new app with code flow, but I do not find a clear guideline for changing the existing implicit flow design in an Angular app to the new code flow.
Could you please help us on how to achieve this.
@Aswathy.M According to their docs, you just need to change the responseType. GitHub - manfredsteyer/angular-oauth2-oidc: Support for OAuth 2 and OpenId Connect (OIDC) in Angular.
To configure your solution for code flow + PKCE you have to set the responseType to code
Thanks. I have upgraded the angular-oauth2-oidc package to version 8 and performed the following steps.
- Added responseType=‘code’ in auth config.
- Called initCodeFlow method instead of initImplicitFlow.
I believe one more change would be setting the grant type to Authorization Code instead of Implicit in App settings in OKTA Portal.
Are the above changes sufficient? Do I need to integrate an authorization server? If so, please help me on how to do it.
That sounds right. You should be able to just enable the Authorization Code grant type in your Okta app settings.
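One way to confirm the migration discussed in this thread took effect is to inspect the redirect the app sends to the authorization endpoint and the callback it receives. The following is an added example, not code from the thread or from angular-oauth2-oidc; the function names and every URL and parameter value are constructed for illustration.

```javascript
// Added example: audit an SPA's authorize request and callback after moving
// from implicit flow to code flow + PKCE. All sample URLs are constructed.
const IMPLICIT_TYPES = new Set(["token", "id_token"]);

function auditAuthorizeRequest(requestUrl) {
  const params = new URL(requestUrl).searchParams;
  const findings = [];
  // response_type is a space-separated list, e.g. "id_token token" or "code"
  const types = (params.get("response_type") || "").split(/\s+/).filter(Boolean);

  if (types.some((t) => IMPLICIT_TYPES.has(t))) {
    findings.push("response_type still asks the authorization endpoint for tokens");
  }
  if (!types.includes("code")) {
    findings.push("response_type does not include 'code'");
  }
  const challenge = params.get("code_challenge");
  if (!challenge) {
    findings.push("code_challenge missing: PKCE is not in use");
  } else if (!/^[A-Za-z0-9_-]{43}$/.test(challenge)) {
    // An S256 challenge is base64url(SHA-256(verifier)), always 43 characters
    findings.push("code_challenge is not a 43-character base64url value");
  }
  if (params.get("code_challenge_method") !== "S256") {
    findings.push("code_challenge_method is not S256");
  }
  return findings;
}

function auditCallback(callbackUrl) {
  // Implicit flow returns tokens in the URL fragment, where they can end up
  // in browser history; after the migration none should appear there.
  const fragment = new URLSearchParams(new URL(callbackUrl).hash.replace(/^#/, ""));
  return fragment.has("access_token") || fragment.has("id_token")
    ? ["tokens returned in URL fragment (implicit flow response)"]
    : [];
}

// Constructed samples: the request before and after the change.
const SAMPLE_IMPLICIT =
  "https://idp.example.test/authorize?client_id=spa&response_type=id_token%20token" +
  "&scope=openid&redirect_uri=https%3A%2F%2Fapp.example.test%2F&state=abc&nonce=xyz";
const SAMPLE_CODE_PKCE =
  "https://idp.example.test/authorize?client_id=spa&response_type=code&scope=openid" +
  "&redirect_uri=https%3A%2F%2Fapp.example.test%2F&state=abc" +
  "&code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM&code_challenge_method=S256";

console.log(auditAuthorizeRequest(SAMPLE_IMPLICIT));
console.log(auditAuthorizeRequest(SAMPLE_CODE_PKCE));
```

The authorize URL to feed in can be copied from the browser's network tab when the login redirect fires.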