Disable PKCE authentication for SPA OIDC


I’m building an SPA and using the AWS Cognito JavaScript library (@aws-sdk/client-cognito-identity-provider) for authentication. I’m trying to allow SSO with Okta. I have set up an Okta OIDC application and am able to see the Okta login widget on the login screen. However, I’m facing problems because the AWS Cognito JS library does not yet support PKCE verification flow:

I’m trying to disable the PKCE authentication from the Okta OIDC application settings but I can’t as it’s disabled:

Are there any settings that I should set to disable the PKCE settings? Should I use another type of application (e.g. SWA instead of OIDC, or try the web OIDC instead of SPA)?


What OIDC flow/Client auth does Cognito support if not Authorization Code with PKCE? Does it support Implicit flow?

My situation is different: our client is using an ‘http’ server. When they deploy on their server and want to access it with the public IP of the server, Okta fails with “AuthSdkError”. Could you please suggest what can be done?
The client is not ready to move it to https, and I can’t edit PKCE as it is grayed out.
I am stuck in a deadlock-like situation. Any help is much appreciated.

Can you use Implicit flow instead?

PKCE has a hard requirement for HTTPS on non-localhost domains (as described here), but Implicit does not have the same requirement and will be available for SPAs (which can only use PKCE Client Authentication)