Disable PKCE authentication for SPA OIDC


I’m building an SPA and using the AWS Cognito Javascript library (@aws-sdk/client-cognito-identity-provider) for authentication. I’m trying to allow SSO with Okta. I have setup an Okta OIDC application and is able to see the Okta log in widget on the login screen. However, I’m facing problems because the AWS Cognito JS library does not yet support PKCE verification flow:

I’m trying to disable the PKCE authentication from the Okta OIDC application settings but I can’t as it’s disabled:

Is there any settings that I should set to disable the PKCE settings? Should I use another type of application (e.g. SWA instead of OIDC, or try the web OIDC instead of SPA)


What OIDC flow/Client auth does Cognito support if not Authorization Code with PKCE? Does it support Implicit flow?