Code verifier and code challenge

sandy · June 20, 2020, 8:42am

I would like to know where exactly in the code are we using the code_verifier and code_challenge. I thought pkce flow works like :

hit the /authorize endpoint with code_challenge as parameter to get the authorization_code.
hit the /token endpoint with authorization_code and code_verifier as parameters to get id_token and access_token.
Validate the id_token by sending it to /introspect endpoint.

How are the redirects done in the code? Does loginOkta() take care of all of these ?

phi1ipp · June 21, 2020, 11:24pm

Not 100% sure what you concern is about, but loginOkta based on the repo, which you attached, will do redirect. code_verifier/challenge is taken care of by okta-auth-js automatically, behind the scene, so you don’t need explicitly do anything, except setting a config parameter for okta-auth-js to use PKCE flow.

sandy · June 22, 2020, 6:35am

Thank you very much!

system · January 24, 2024, 8:08pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.